Facebook has awarded its highest bug bounty to date after the discovery of a vuln which could have been used to spray Facebookers with drive-by download-style malware exploits. Brazilian web security researcher Reginaldo Silva earned $33,500 for giving the social network a heads-up about an XML external entity vulnerability …
Lend me a tenner Reginaldo Silva….
…. still got another week till I get paid! I'll use the money to test my DDOS/SQL/Flux Capacitor injection technique on the beer pumps in my local. In theory it works, but I need to test it in the wild! ;)
Was Shulman wrong?
« Shulman said. "The fact that critical vulnerabilities still pop up in their application should serve as a warning sign to anyone who believes that writing vulnerability-free applications is possible." »
He should have seen the code of a certain former client of mine. That was pretty close to being unexploitable, seeing as most of the time it failed to even compile, let alone run.
Every time you add a new feature you're creating the possibility of a bug or vulnerability.
Most people think Facebook should just stop now, stabilise and fix all the holes. But nope, they have to add new features for their customers, the advertisers. Oh, what's that? You thought you were the customer?
Customer? Victim, more like
When I wandered onto Facebook I felt like a tourist who'd wandered into a red light district back street whilst looking for a hot dog vendor, what with all the sleazy adverts for Russian brides and other dodgy-looking services. Constant probings of "so & so wants to be your friend", "Are you the one looking for ...", "tell us where you live..."
@AC Friday 24th January 2014 18:33 GMT Anonymous Coward
That's a strange social media site you've created, Dr. Falken. The only safe move is not to use it.