
Facebook doubles the money it will pay for users who report security flaws

October 17, 2014

Facebook said publicly late yesterday that it has doubled the money it will pay out to users who report security flaws in its advertising code.

The higher reward is meant to entice hackers to report bugs in Facebook's ads code. It follows an internal security audit that discovered an undisclosed number of vulnerabilities in that code.

Security engineer Collin Greene said Facebook will double bug payouts until Dec. 31, 2014.

"Starting today and extending through the end of 2014, all whitehat bugs in our ads code will receive double bounties," Greene wrote in a post.

"We found and fixed a number of security bugs but would like to encourage additional scrutiny from White hats to see what we might have missed. Also, since the vast majority of bug reports we work on with the Whitehat community are focused on the more common parts of Facebook code, we hope to encourage researchers to become more familiar with the surface area of ads to better protect the businesses that use them," Greene added.

Facebook recently squashed flaws including the ability to repeatedly redeem ad coupons, pull names of unpublished pages, read arbitrary local files, inject JavaScript into an ads report email, and, through cross-site request forgery (CSRF), force victims to send malicious emails to targets.

The organization has to date paid out some US $3 million in bug bounties, including a $33,500 award for a remote code execution XML external entity (XXE) security vulnerability.

Greene offered some tips, including that common security bugs like cross-site scripting would probably not be present in ads code.

Researchers would have more success targeting missing or incorrect permissions checks, insufficient rate-limiting leading to scraping, edge-case CSRF issues, and issues with Flash files.

Not to be outdone, Yahoo has touted its recent HackerOne bug bounty that has since paid out $700,000 to 600 security researchers.

The announcement also comes as Facebook is reported to be introducing a Safety Check feature that sends push notifications to users travelling in known disaster areas.

Troubled travellers would then need to verify their safety. If they report themselves as being in danger, a notice will be posted to their feed.

Source: Facebook.

Copyright © Internet Security.ca