Facebook has awarded its highest bug bounty to date after the discovery of a vuln which could have been used to spray Facebookers with drive-by download-style malware exploits. Brazilian web security researcher Reginaldo Silva earned $33,500 for giving the social network a heads-up about an XML external entity vulnerability …
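The vulnerability class named above, XML external entity (XXE) injection, arises when an XML parser is allowed to resolve entities whose definitions point outside the document (a SYSTEM or PUBLIC identifier), so that a crafted document can make the server read local files or fetch remote resources. The defensive fix is to refuse those constructs before the parser acts on them. The following is an added example, not code from the article or from the researcher's report: a hardened front-end on Python's standard-library expat bindings that rejects any DOCTYPE by default and, when a DOCTYPE must be tolerated for legacy documents, still rejects every external entity declaration. The sample documents and the function names are constructed for the illustration.

```python
# Added example (not from the article or from the researcher's report):
# a defensive XML front-end that refuses the document patterns an XXE
# attack relies on, built on Python's stdlib expat bindings.
import xml.parsers.expat as expat


class UnsafeXmlError(ValueError):
    """Raised when a document declares a DOCTYPE or an external entity."""


def parse_untrusted_xml(data: str, allow_doctype: bool = False) -> dict:
    """Parse XML from an untrusted source and return its root tag and text.

    Two expat hooks do the security work:
      * StartDoctypeDeclHandler rejects any DOCTYPE when allow_doctype is
        False, the right default for machine-to-machine data formats.
      * EntityDeclHandler rejects any entity that carries a SYSTEM or PUBLIC
        identifier (an *external* entity), even when a DOCTYPE is tolerated
        so that harmless internal entities keep working.
    Raising inside an expat callback aborts Parse() with that exception.
    """
    parser = expat.ParserCreate()
    state = {"root": None, "text": []}

    def on_doctype(name, system_id, public_id, has_internal_subset):
        if not allow_doctype:
            raise UnsafeXmlError(f"DOCTYPE {name!r} is not allowed here")

    def on_entity_decl(name, is_parameter, value, base, system_id,
                       public_id, notation_name):
        # Internal entities have neither identifier; external ones have at
        # least one, and that is exactly the XXE vector.
        if system_id is not None or public_id is not None:
            raise UnsafeXmlError(
                f"external entity {name!r} ({system_id!r}) rejected")

    def on_start_element(tag, attrs):
        if state["root"] is None:
            state["root"] = tag

    def on_char_data(text):
        state["text"].append(text)

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.StartElementHandler = on_start_element
    parser.CharacterDataHandler = on_char_data
    parser.Parse(data, True)
    return {"root": state["root"], "text": "".join(state["text"])}


def is_rejected(data: str, allow_doctype: bool = False) -> bool:
    """True if the hardened parser refuses the document."""
    try:
        parse_untrusted_xml(data, allow_doctype)
    except UnsafeXmlError:
        return True
    return False


# Constructed sample documents (not taken from the article).
BENIGN = "<note><to>Ana</to></note>"
INTERNAL_ENTITY = (
    '<!DOCTYPE note [<!ENTITY who "Ana">]>'
    "<note><to>&who;</to></note>"
)
EXTERNAL_ENTITY = (
    '<!DOCTYPE note [<!ENTITY leak SYSTEM "file:///tmp/constructed.txt">]>'
    "<note><to>&leak;</to></note>"
)

if __name__ == "__main__":
    print(parse_untrusted_xml(BENIGN))                       # root 'note', text 'Ana'
    print(is_rejected(EXTERNAL_ENTITY))                      # True
    print(is_rejected(EXTERNAL_ENTITY, allow_doctype=True))  # True
    print(is_rejected(INTERNAL_ENTITY, allow_doctype=True))  # False
```

The check runs inside the parser rather than as a regex over the raw bytes, so it cannot be bypassed by encoding tricks or comments that a textual pre-filter would miss; a fresh parser is created per call because expat discards a parser once a callback has raised.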
Lend me a tenner Reginaldo Silva….
…. still got another week till I get paid! I'll use the money to test my DDOS/SQL/Flux Capacitor injection technique on the beer pumps in my local. In theory it works, but I need to test it in the wild! ;)
Was Shulman wrong?
« Shulman said. "The fact that critical vulnerabilities still pop up in their application should serve as a warning sign to anyone who believes that writing vulnerability-free applications is possible." »
He should have seen the code of a certain former client of mine. That was pretty close to being unexploitable, seeing as most of the time it failed to even compile, let alone run.
Every time you add a new feature you're creating the possibility of a bug or vulnerability.
Most people think Facebook should just stop now, stabilise and fix all the holes. But nope, they have to add new features for their customers, the advertisers. Oh, what's that? You thought you were the customer?
Customer? Victim, more like.
When I wandered onto Facebook I felt like a tourist who'd wandered into a red-light district back street whilst looking for a hot dog vendor, what with all the sleazy adverts for Russian brides and other dodgy-looking services. Constant probings of "so & so wants to be your friend", "Are you the one looking for ...", "tell us where you live..."
@AC Friday 24th January 2014 18:33 GMT Anonymous Coward
That's a strange social media site you've created, Dr. Falken. The only safe move is not to use it.