I’m appalled at FTA since some industries rely on it for “secure” transfer.
Also it’s only mentioned in the timeline but the tester got $10,000 for their report. Nice!!
Probably saving FB millions.
Probably not, methinks. I am fairly convinced by the argument that these bugs are not worth as much as people seem to think they are.
While I’m sure this has been debated enough and I don’t have nearly enough data to decide if the vulnerability is worth $10,000 or not but I think it’s important not to compare the value of a vulnerability on an open market to the value of the vulnerability to Facebook itself.
The right attack on Facebook may not provide much financial gain to the attacker but would cost Facebook plenty in terms of credibility and customer trust.
This argument unfortunately comes pretty close to extortion. It sure would be a shame for me to throw this rock through your window. How much would you like to buy my rock for? Nobody else will offer me anything at all, but I think you’re just the buyer I’m looking for.
I don’t think so either. Facebook is widely hated, but that doesn’t mean it’s not widely used. They can afford a lot of hatred because they are so big.
This is like the 3rd hack I’ve seen that attacks the side networks of Facebook, instead of attacking “head on”. So awesome. Good job to this guy. Makes me think anyone (obviously who has experience with unix-like systems and web technology) who was actually looking could’ve found this.