nsane.forums Posted July 29, 2011

With a new Security Bug Bounty program, Facebook plans to shell out $500 for security bugs "that could compromise the integrity or privacy of Facebook user data."

As it struggles to cope with a surge in malicious hacker attacks against its massive user base, Facebook has joined a growing list of companies offering cash to hackers who responsibly report security vulnerabilities found on its web site.

With the new Security Bug Bounty program, Facebook plans to shell out $500 for security bugs "that could compromise the integrity or privacy of Facebook user data."

The following types of vulnerabilities could qualify for the bounty:

- Cross-Site Request Forgery (CSRF/XSRF)
- Cross-Site Scripting (XSS)
- Remote Code Injection

News of Facebook's bug bounty program comes amidst reports that a CSRF vulnerability is being actively exploited to trick users of the social network into spreading a survey scam via a series of social engineering tricks.

Facebook users are inundated with malicious attacks that exploit clickjacking/likejacking, cross-site scripting, CSRF and other Web-app vulnerabilities and the company hopes the new bug bounty program will help improve the quality of its code.

To qualify for a Facebook cash reward, security researchers must adhere to the company's Responsible Disclosure Policy and agree to give Facebook "reasonable time to respond" before making any information public. Researchers must also make a good faith effort to avoid privacy violations, destruction of data and interruption or degradation of our service.

Although a typical bounty is set at $500, Facebook says it may increase the reward for specific, high-impact vulnerabilities.

The following bugs aren't eligible for a bounty:

- Security bugs in third-party applications (e.g., http://apps.facebook.com/[app_name])
- Security bugs in third-party websites that integrate with Facebook
- Security bugs in Facebook's corporate infrastructure
- Denial of Service Vulnerabilities
- Spam or Social Engineering techniques

Mozilla, Google and Barracuda Networks are among companies offering cash rewards for security holes in software products and Web sites.

View: Original Article

Administrator DKT27 Posted July 29, 2011

So they are planning to go bankrupt. :troll:

nuthut Posted July 30, 2011

loading up facebook is a security risk by itself... actually doing something inside facebook magnifies it 10 fold

T0nyB Posted July 30, 2011

> loading up facebook is a security risk by itself... actually doing something inside facebook magnifies it 10 fold

Aren't we sarcastic? :D Idk, I've never had problems in my life, caused by Facebook. You just have to stay away from fishy things there (of course I pretty much just play there all the time and look what my friends have done, from time to time...) No need to be too paranoid, :P

Administrator DKT27 Posted July 30, 2011

Something underground hackers know and exploit. There are lots and lots of Facebook vulnerabilities out there that get fixed and exploited every day. But that's not enough. Facebook knows this very well, hence they have taken this move. ;)

Archived
This topic is now archived and is closed to further replies.