Hacker cracks Facebook with remote code execution bug

Facebook has paid US$40,000 to vulnerability hunter Andrew Leonov for disclosing how the hacker gained remote code execution on its servers through the widely-reported ImageMagick flaw. Leonov (@4lemon) described how he discovered the so-called ImageTragick flaw still impacting Facebook in a post that detailed all but the most …

Anonymous Coward

Found a vulnerability

Facebook can harvest all your data and sell it. Where do I collect my bounty?

8
0

Re: Found a vulnerability

Oh didn't you know? That's a feature.

3
0
Anonymous Coward

Re: Found a vulnerability

It can only collect what you willfully place on it.

You can harvest all of my cat photos and sarcastic comments on "friends" from school who I avoided the instant I left.

I've still no idea why so many people (my wife included) spend so much time/effort on it.

3
4
Anonymous Coward

Re: Found a vulnerability

What about all the web beacons that collect 80% of your web browsing history, unless you specifically install an addon to block those connections?

2
0
Silver badge
Big Brother

Re: Found a vulnerability

It can only collect what you willfully place on it.

...

I've still no idea why so many people (my wife included) spend so much time/effort on it

So your last statement is a confirmation of the first in that you just don't get it? Fair enough. It's like this: FB promises hours of free mindless entertainment and encourages users to give up everything about themselves under the guise of allowing them to keep up with their friends, to confirm their pre-existing biases and to look at memes. They then take all the information they harvest, with or without their users' knowledge, and sell it over and over. People are good with this because mindless is mindless, after all. It's easy to take advantage of folks if they think they are getting something for free. If there is nothing physical for them to see being taken from them, they will never notice the loss.

3
0
LDS
Silver badge

Bugs of Greed...

Billions around, and they exploit another open source library without even giving a look to the code...

0
1
Anonymous Coward

Can't believe they still use it...

I thought Facebook was all about efficiency and scaling and they're still using ImageMagick? It's slow and uses way too much memory.

0
2
Silver badge

Re: Can't believe they still use it...

@ac

Easy target!

Please, enlighten us, what do you use? Homebrew?

1
1
Anonymous Coward

Re: Can't believe they still use it...

vips, which instead of using 500MB+ of memory and often leaving working files of 2GB behind, just gets on with it in a few MB of memory and fewer CPU cycles.

1
0
Silver badge

Re: Can't believe they still use it...

http://www.vips.ecs.soton.ac.uk/index.php?title=Speed_and_Memory_Use

1
0

It can only collect what you willfully place on it.

Or perhaps, things you don't willfully place on it. Like your contact info scraped from a friend's list. Not a FB user? Who gives a shit, we have your info anyway and what are you going to do about it?

0
1
Anonymous Coward

How's that again? How can it scrape stuff from someone who doesn't use the service? You make it sound like it's going to build my profile up whether I like it or not. I'm not on there, so none of my "personal info" is going to be directly available. Even indirectly is not achieved because if someone adds me to a list as an entity, there is no way to link to anything. I'm simply not on there.

You are making a great case for making sure to take your medications before commenting on news on the webnets! Take your meds. Get some clarity, or fog, whatever it is that causes your neurons to actually make some synaptic contact. Get it together, Johnny!

0
0
Silver badge

It's a sad state of affairs when "the tools could be abused to allow attackers to upload malicious images that grant remote code execution from where various further compromise, data exfiltration, and lateral movement may be possible."

Still, in 2017.

0
0
