Indian security researcher Arul Kumar has netted himself $12,500 after spotting a critical flaw in Facebook's image handling code that allowed anyone to delete pictures from the site at will. As he describes in a blog post, the crack requires two legitimate Facebook accounts to work, and is exploited by the way the Facebook …
Getting their attention.
The way to REALLY get Facebook's attention is to post the flaw on YouTube. ;)
Re: Getting their attention.
Nah, the way to REALLY get Facebook's attention would have been to delete ALL photos from Facebook.
Advice for the Supreme Leader
It seems the Facebook security team should be fired ASAP to the last man (and woman).
In case they do not care enough for their jobs, their Facebook accounts should be deleted as an additional penalty.
Re: Advice for the Supreme Leader
I thought Facebook was poaching Google people as it was such a "great" place to work. I guess as I suspected QA work sucks everywhere.
Re: Advice for the Supreme Leader
@arctic_haze: have an upvote. Data loss should be taken seriously. If they're going to say that after 40 minutes they can't see it, at least they took time to look at it. If they didn't ask for more details to work out the bug, then that's a problem.
Facebook may be paying $12,500 for bugs
but I'm paying $15,000
I realize that a lot of developers leave a lot to be desired in the documentation department so maybe the researcher didn't describe the flaw wonderfully. But if your 'crack team of severity specialists' have to have a DIY video to fix something I guarantee there are a lot more $12k bugs waiting to be
exploited discovered and fixed.
Just make sure to send a video when you do find them.
Although 'severity specialists' has a nice ring to it. Maybe I'll make that a new position. Either in legal or accounting. Those guys are always so severe.
Need and appreciate are two very different words. If I was fielding bug reports from users, screenshots and videos would be wonderful.
Except the video would be either full desktop resolution saved as AVI and attached to the email, or 320x240 pixelated rubbish, of course, based on most users!
Most bug report "screenshots" I get are images pasted into a version of MS Word I can't open. They usually get the "unable to reproduce" flag.
I get it. You have a problem that you can solve, but if you solve it you will then have more work to do. It serves you better to use it as an excuse. Are you a public servant, by any chance?
I read the e-mails
I don't think that either of the people is a native English speaker.
So remember the last time you tried to use a badly translated manual...
I think that may be why they didn't understand.
Either that, or they wanted to avoid paying the prize money for the bug. I hope it wasn't that.
I'd pass on the money
If I could figure out how to replace Zuck's photo with that of a warthog, I doubt they could pay me enough to make it worthwhile to not do it.
Deleting is cool
But "replacing" is the holy grail
Re: Deleting is cool
I imagine you could find two bugs that are innocuous individually but when combined could replace photos or something of that nature.