Facebook has joined Google and Mozilla in paying cash rewards to researchers who privately report vulnerabilities that could jeopardize the privacy or security of their users. The social network said Friday it would pay $500 for the disclosure of most website flaws, such as XSS, or cross-site scripting errors. The company may …
If Microsoft paid whenever someone found a bug, they'd be broke within the week!
$500 for an XSS? Create a basic wall worm and promote a short survey and you'll earn more than that in about 3 minutes.
I've got one...
Facebook exposes vast amounts of sensitive personal information that can be sold.
What? That's a design feature?
vulnerabilities that could jeopardize the privacy ... of their users
Er, isn't the biggest risk Facebook's default privacy settings?
M$, Oracle pay up ? No, you pay them...
The first & last time I tried reporting something, a basic DoS vulnerability in their VM/"File Cache" implementation, to MS they wanted to charge me $128 for the privilege. The bug remained in place in NT 4, and 2K. After that I gave up caring, but it looks to me as if that basic weakness may still be there in Vista and 7.
I have found the same kind of "shut up and give us your cash" mentality happening with Oracle too. I raised an SR for a trivially repeatable DoS in their .NET client library, complete with a half a dozen lines of code to replicate the fault. They have replicated the fault themselves and since March have done ... absolutely flip all (by their own admission I hasten to add).
The scene in Animal House where Kevin Bacon cries out "Thank you sir, please may I have another" comes to mind. You can substitute Larry Ellison for Niedermeyer.
Open Source ain't always perfect, but the support is as good as you can afford it to be, the same can't be said of many vendors, in particular M$ & Oracle.
Swallowed a Spider to catch the fly...
And they're now going to have to deal with literally millions of reports all from people trying to earn a quick buck reporting the same errors, or errors that don't exist etc.
Waste of time
Considering their recent problems with URL shortening and any links that refer back to imgur, it's almost impossible to tell the difference between their 'admin actions' and a legit bug; and when you do find something broken, stepping around their "whoops doesn't work" auto replies and actually trying to get someone to pay attention is a nightmare not worth bothering with. Facebook aren't interested in security, privacy, or basic business ethics; stick to referral worms; if you have the skill do you really want to use them to make Facebook "better?"
I mean, this is a company where if you're interested in keeping shit professional you need to subscribe to an external website's RSS just to keep abreast of what new, retarded feature has just been enabled by default this week.
Trollface, because this article's gotta be trollin