Researcher bags $12,500 after showing how to hack Zuck's pics

Indian security researcher Arul Kumar has netted himself $12,500 after spotting a critical flaw in Facebook's image handling code that allowed anyone to delete pictures from the site at will. As he describes in a blog post, the crack requires two legitimate Facebook accounts to work, and is exploited by the way the Facebook …

COMMENTS

This topic is closed for new posts.
Bronze badge

Getting their attention.

The way to REALLY get Facebook's attention is to post the flaw on YouTube. ;)

3
0

Re: Getting their attention.

Nah, the way to REALLY get Facebook's attention would have been to delete ALL photos from Facebook.

4
0

This post has been deleted by its author

Advice for the Supreme Leader

It seems the Facebook security team should be fired ASAP to the last man (and woman).

In case they do not care enough for their jobs, their Facebook accounts should be deleted as an additional penalty.

7
0
Silver badge

Re: Advice for the Supreme Leader

I thought Facebook was poaching Google people as it was such a "great" place to work. I guess, as I suspected, QA work sucks everywhere.

0
0

Re: Advice for the Supreme Leader

@arctic_haze: have an upvote. Data loss should be taken seriously. If they're going to say that after 40 minutes they can't see it, at least they took time to look at it. If they didn't ask for more details to work out the bug, then that's a problem.

0
0
Anonymous Coward

Facebook may be paying $12,500 for bugs

but I'm paying $15,000

5
0
Silver badge

DIY

I realize that a lot of developers leave a lot to be desired in the documentation department so maybe the researcher didn't describe the flaw wonderfully. But if your 'crack team of severity specialists' have to have a DIY video to fix something I guarantee there are a lot more $12k bugs waiting to be exploited discovered and fixed.

Just make sure to send a video when you do find them.

0
0
Silver badge

Re: DIY

Security specialists....

Although 'severity specialists' has a nice ring to it. Maybe I'll make that a new position. Either in legal or accounting. Those guys are always so severe.

0
0
JDX
Gold badge

Re: DIY

Need and appreciate are two very different words. If I was fielding bug reports from users, screenshots and videos would be wonderful.

Except the video would be either full desktop resolution saved as AVI and attached to the email, or 320x240 pixelated rubbish, of course, based on most users!

0
0
Silver badge

Re: DIY

Most bug report "screenshots" I get are images pasted into a version of MS Word I can't open. They usually get the "unable to reproduce" flag.

0
4
Bronze badge

Re: DIY

I get it. You have a problem that you can solve, but if you solve it you will then have more work to do. It serves you better to use it as an excuse. Are you a public servant, by any chance?

3
0
Bronze badge

I read the e-mails

I don't think that either of the people is a native English speaker.

So remember the last time you tried to use a badly translated manual...

I think that may be why they didn't understand.

Either that, or they wanted to avoid paying the prize money for the bug. I hope it wasn't that.

0
0

I'd pass on the money

If I could figure out how to replace Zuck's photo with that of a warthog, I doubt they could pay me enough to make it worthwhile to not do it.

5
0
Anonymous Coward

Deleting is cool

But "replacing" is the holy grail

Bwaaahahahaaaa

2
0

Re: Deleting is cool

I imagine you could find two bugs that are innocuous individually but when combined could replace photos or something of that nature.

0
0