Facebook has awarded its highest bug bounty to date after the discovery of a vuln which could have been used to spray Facebookers with drive-by download-style malware exploits. Brazilian web security researcher Reginaldo Silva earned $33,500 for giving the social network a heads-up about an XML external entity vulnerability …
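The bug class behind the bounty, XML external entity (XXE) injection, as an added illustration that is not taken from the article or from Silva's write-up: a parser that resolves external entities will read whatever local file (or URL) the attacker names in the DTD and splice its contents into the parsed document; the same parse with external entity resolution switched off returns only the document's own text. The sample order document, the "secret" file and the element names below are constructed for the demo.

```python
"""XXE (XML external entity) demo: one hostile document, parsed with and
without external entity resolution.  Added example; the document, the
'secret' file and its contents are constructed for the demo."""
import io
import os
import tempfile
import xml.sax
from xml.sax.handler import ContentHandler, feature_external_ges


class TextCollector(ContentHandler):
    """Concatenates every character-data callback the parser emits."""

    def __init__(self):
        super().__init__()
        self.parts = []

    def characters(self, content):
        self.parts.append(content)

    def text(self):
        return "".join(self.parts)


def build_document(secret_path):
    """Attacker-controlled XML: the internal DTD subset declares an external
    entity whose SYSTEM id points at a local file, and the body references it."""
    return (
        '<?xml version="1.0"?>\n'
        '<!DOCTYPE order [\n'
        f'  <!ENTITY xxe SYSTEM "{secret_path}">\n'
        ']>\n'
        '<order><id>42</id><note>&xxe;</note></order>'
    ).encode("utf-8")


def parse(xml_bytes, resolve_external_entities):
    """Parse with xml.sax; the feature flag decides whether SYSTEM entities
    are fetched from disk (or the network) and inlined into the document."""
    handler = TextCollector()
    parser = xml.sax.make_parser()
    # feature_external_ges = "external general entities".  True is the
    # vulnerable setting; False (the default since Python 3.7.1) is safe.
    parser.setFeature(feature_external_ges, resolve_external_entities)
    parser.setContentHandler(handler)
    parser.parse(io.BytesIO(xml_bytes))
    return handler.text()


def run_demo():
    """Write a throwaway 'secret' file, parse the hostile document both ways
    and return the text each parse produced."""
    with tempfile.NamedTemporaryFile("wb", suffix=".txt", delete=False) as fh:
        fh.write(b"s3cr3t-db-password")  # constructed secret, not real data
        secret_path = fh.name
    try:
        doc = build_document(secret_path)
        return {
            "vulnerable": parse(doc, resolve_external_entities=True),
            "hardened": parse(doc, resolve_external_entities=False),
        }
    finally:
        os.unlink(secret_path)


if __name__ == "__main__":
    for mode, text in run_demo().items():
        print(f"{mode:10s} -> {text!r}")
```

The vulnerable parse returns the file contents glued onto the document's own text; the hardened parse returns only `42`. The same knob exists in every mainstream stack: disallow the DOCTYPE or disable external entity loading at the parser (for example `setFeature("http://apache.org/xml/features/disallow-doctype-decl", true)` on a Java `DocumentBuilderFactory`, or `libxml_disable_entity_loader(true)` on the PHP/libxml versions of the period), and treat any parser that accepts a DTD from untrusted input as a file-read and SSRF primitive until proven otherwise.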
Lend me a tenner, Reginaldo Silva…
…still got another week till I get paid! I'll use the money to test my DDoS/SQL/Flux Capacitor injection technique on the beer pumps in my local. In theory it works, but I need to test it in the wild! ;)
Was Shulman wrong?
« Shulman said. "The fact that critical vulnerabilities still pop up in their application should serve as a warning sign to anyone who believes that writing vulnerability-free applications is possible." »
He should have seen the code of a certain former client of mine. That was pretty close to being unexploitable, seeing as most of the time it failed to even compile, let alone run.
Every time you add a new feature you're creating the possibility of a bug or vulnerability.
Most people think Facebook should just stop now, stabilise and fix all the holes. But nope, they have to add new features for their customers, the advertisers. Oh, what's that? You thought you were the customer?
customer? victim more like
When I wandered onto Facebook I felt like a tourist who'd wandered into a red light district back street whilst looking for a hot dog vendor, what with all the sleazy adverts for Russian brides and other dodgy-looking services. Constant probings of "so & so wants to be your friend", "Are you the one looking for ...", "tell us where you live..."
@AC Friday 24th January 2014 18:33 GMT Anonymous Coward
That's a strange social media site you've created, Dr. Falken. The only safe move is not to use it.