Facebook coughs up $33.5k... its BIGGEST bug bounty EVER Facebook has awarded its highest bug bounty to date after the discovery of a vuln which could have been used to spray Facebookers with drive-by download-style malware exploits. Brazilian web security researcher Reginaldo Silva earned $33,500 for giving the social network a heads-up about an XML external entity vulnerability …
« Shulman said. "The fact that critical vulnerabilities still pop up in their application should serve as a warning sign to anyone who believes that writing vulnerability-free applications is possible." »
He should have seen the code of a certain former client of mine. That was pretty close to being unexploitable, seeing as most of the time it failed to even compile, let alone run.
Every time you add a new feature you're creating the possibility of a bug or vulnerability.
Most people think Facebook should just stop now, stabilise and fix all the holes. But nope, they have to add new features for their customers, the advertisers. Oh what's that? you thought you were the customer?
when i wondered onto face book I felt like a tourist who'd wondered into a red light district back street whilst looking for a hot dog vendor, what with all the sleazy adverts for Russian brides and other dodgy looking services. Constant probings of "so & so wants to be your friend" , "Are you the one looking for ..." , "tell us where you live..."
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
