back to article Facebook coughs up $33.5k... its BIGGEST bug bounty EVER

Facebook has awarded its highest bug bounty to date after the discovery of a vuln which could have been used to spray Facebookers with drive-by download-style malware exploits. Brazilian web security researcher Reginaldo Silva earned $33,500 for giving the social network a heads-up about an XML external entity vulnerability …

COMMENTS

This topic is closed for new posts.
Pint

Lend me a tenner Reginaldo Silva….

…. still got another week till I get paid! I'll use the money to test my DDOS/SQL/Flux Capacitor injection technique on the beer pumps in my local. In theory it works, but I need to test it in the wild! ;)

0
1
Anonymous Coward

Was Shulman wrong?

« Shulman said. "The fact that critical vulnerabilities still pop up in their application should serve as a warning sign to anyone who believes that writing vulnerability-free applications is possible." »

He should have seen the code of a certain former client of mine. That was pretty close to being unexploitable, seeing as most of the time it failed to even compile, let alone run.

1
1
Anonymous Coward

Every time you add a new feature you're creating the possibility of a bug or vulnerability.

Most people think Facebook should just stop now, stabilise and fix all the holes. But nope, they have to add new features for their customers, the advertisers. Oh what's that? you thought you were the customer?

5
1
Anonymous Coward

customer? victim more like

when i wondered onto face book I felt like a tourist who'd wondered into a red light district back street whilst looking for a hot dog vendor, what with all the sleazy adverts for Russian brides and other dodgy looking services. Constant probings of "so & so wants to be your friend" , "Are you the one looking for ..." , "tell us where you live..."

2
1
Silver badge

@AC Friday 24th January 2014 18:33 GMT Anonymous Coward

That's a strange socail media site you've created Dr. Falken. The only safe way move is not to use it.

0
1
This topic is closed for new posts.

Forums