Researcher bags $12,500 after showing how to hack Zuck's pics

Indian security researcher Arul Kumar has netted himself $12,500 after spotting a critical flaw in Facebook's image handling code that allowed anyone to delete pictures from the site at will. As he describes in a blog post, the crack requires two legitimate Facebook accounts to work, and is exploited by the way the Facebook …

COMMENTS

This topic is closed for new posts.
  1. channel extended

    Getting their attention.

    The way to REALLY get Facebook's attention is to post the flaw on YouTube. ;)

    1. Euripides Pants

      Re: Getting their attention.

      Nah, the way to REALLY get Facebook's attention would have been to delete ALL photos from Facebook.

      1. This post has been deleted by its author

  2. arctic_haze

    Advice for the Supreme Leader

    It seems the Facebook security team should be fired ASAP to the last man (and woman).

    In case they do not care enough for their jobs, their Facebook accounts should be deleted as an additional penalty.

    1. asdf

      Re: Advice for the Supreme Leader

      I thought Facebook was poaching Google people as it was such a "great" place to work. I guess as I suspected QA work sucks everywhere.

    2. an it guy

      Re: Advice for the Supreme Leader

      @arctic_haze: have an upvote. Data loss should be taken seriously. If they're going to say that after 40 minutes they can't see it, at least they took time to look at it. If they didn't ask for more details to work out the bug, then that's a problem.

  3. Anonymous Coward

    facebook may be paying $12,500 for bugs

    but I'm paying $15,000

  4. Don Jefe

    DIY

    I realize that a lot of developers leave a lot to be desired in the documentation department, so maybe the researcher didn't describe the flaw wonderfully. But if your 'crack team of severity specialists' have to have a DIY video to fix something, I guarantee there are a lot more $12k bugs waiting to be exploited, discovered and fixed.

    Just make sure to send a video when you do find them.

    1. Don Jefe

      Re: DIY

      Security specialists....

      Although 'severity specialists' has a nice ring to it. Maybe I'll make that a new position. Either in legal or accounting. Those guys are always so severe.

    2. JDX Gold badge

      Re: DIY

      Need and appreciate are two very different words. If I was fielding bug reports from users, screenshots and videos would be wonderful.

      Except the video would be either full desktop resolution saved as AVI and attached to the email, or 320x240 pixelated rubbish, of course, based on most users!

      1. Gene Cash Silver badge

        Re: DIY

        Most bug report "screenshots" I get are images pasted into a version of MS Word I can't open. They usually get the "unable to reproduce" flag.

        1. poopypants

          Re: DIY

          I get it. You have a problem that you can solve, but if you solve it you will then have more work to do. It serves you better to use it as an excuse. Are you a public servant, by any chance?

    3. Robert Carnegie Silver badge

      I read the e-mails

      I don't think that either of the people is a native English speaker.

      So remember the last time you tried to use a badly translated manual...

      I think that may be why they didn't understand.

      Either that, or they wanted to avoid paying the prize money for the bug. I hope it wasn't that.

  5. Len Goddard

    I'd pass on the money

    If I could figure out how to replace Zuck's photo with that of a warthog, I doubt they could pay me enough to make it worthwhile to not do it.

  6. Anonymous Coward

    Deleting is cool

    But "replacing" is the holy grail

    Bwaaahahahaaaa

    1. The Alpha Klutz

      Re: Deleting is cool

      I imagine you could find two bugs that are innocuous individually but when combined could replace photos or something of that nature.

