Facebook Invites Hackers To Attack Its Network
An anonymous reader writes "Nearly a year ago, Facebook introduced its bug bounty program, inviting security researchers to poke around the site, discover vulnerabilities that could compromise the integrity or privacy of Facebook user data, and then responsibly disclose them to the company. Still, when the social network's security team received a tip from a researcher about a vulnerability in the company's own network which would allow attackers to eavesdrop on internal communications, they made an unprecedented choice by broadened the scope of the bug bounty program and inviting researchers to search for other holes in the corporate network. Nobody expects malicious attackers to have a change of heart and hand over information about a vulnerability for a few thousand dollars when they could sell the stolen information for much more. It should, therefore, come as no surprise that Ryan McGeehan, the manager of Facebook's security-incident response unit, stated that if there's a million-dollar bug, they will pay it out."
Annoying Facebook Games.
OK, so I'm the Facebook corp. and I run a cost vs. risk analysis and come up with the numbers and resulting decision we see here today. Clearly they have the money, and the relative risk plus technical infrastructure so they figure this works out for them.
OK, let's say I'm a Blackhat criminal hacker, poking around the Facebook network doing nasty stuff all the time, as best as I can, because this is what I do. And one day I get caught by Facebook or someone else along those lines. I am so busted. But wait, I can explain I was really a white hat all along, just trying to feed my family the best I can. Whatever happens next can't be too bad, and I'll live to fight another day. So then I figure capitalism rocks. Also maybe I'll see what Facebook offers when I really find a big hole worth exploiting.
Win, win, and so capitalism = security?
There must be something I am not seeing here. Could such pure capitalism do something about all those evil Chinese and Russian and Ukrainian hackers too? That which laws and police cannot really do very well at this time?
To look at this another way, the US/Israeli State Resources behind Flame and Stuxnet (etc.) seem to have been fairly successful doing harm.
You can't be ahead of the curve, if you're stuck in a loop.
I peed a little when I read "compromise the integrity or privacy of Facebook user data." If they think that would be the result from a hack, then having an account means you are a hacker.
If you subscribe and don't use your real name, you must be a 1337 Hax0r
Don't fight for your country, if your country does not fight for you.
"Nobody expects malicious attackers to have a change of heart and hand over information about a vulnerability for a few thousand dollars when they could sell the stolen information for much more."
I really don't think that all hackers are greedy. While there are hackers who are willing to take the risks of selling hacks to criminals, there are probably many hackers who would be interested in exploring vulnerabilities for a modest legal reward.
I don't read your sig. Why are you reading mine?
I tried going to Facebook today, didn't come up so decided to check out Slashdot since I could see other sites, I find this story about Facebook inviting hackers on DefCON weekend. Well, seems my DNS doesn't resolve them, is this widespread?
C:\Users\r>ping facebook.com
Ping request could not find host facebook.com. Please check the name and try again.
I don't have a PhD in English, but I don't need one to tell you "broadened" is the wrong tense. The second sentence should read, in part,
instead of the way it is currently written.
This has nothing to do with language "evolving" or grammar police; they made a mistake that breaks one of the syntax rules of the language, and it should be corrected.
I don't care why you're posting AC