Slashdot Mirror

← Back to Stories (view on slashdot.org)

Facebook Invites Hackers To Attack Its Network

Posted by Soulskill on from the you-come-at-the-king-you-best-not-miss dept.

An anonymous reader writes "Nearly a year ago, Facebook introduced its bug bounty program, inviting security researchers to poke around the site, discover vulnerabilities that could compromise the integrity or privacy of Facebook user data, and then responsibly disclose them to the company. Still, when the social network's security team received a tip from a researcher about a vulnerability in the company's own network which would allow attackers to eavesdrop on internal communications, they made an unprecedented choice by broadened the scope of the bug bounty program and inviting researchers to search for other holes in the corporate network. Nobody expects malicious attackers to have a change of heart and hand over information about a vulnerability for a few thousand dollars when they could sell the stole information for much more. It should, therefore, come as no surprise that Ryan McGeehan, the manager of Facebook's security-incident response unit, stated that if there's a million-dollar bug, they will pay it out."

2 of 157 comments (clear)

  1. There's a bug by vawarayer · · Score: 3, Funny

    Annoying Facebook Games.

  2. Fairly cynical view... by mspohr · · Score: 5, Insightful

    "Nobody expects malicious attackers to have a change of heart and hand over information about a vulnerability for a few thousand dollars when they could sell the stole information for much more. "
    I really don't think that all hackers are greedy. While there are hackers who are willing to take the risks of selling hacks to criminals, there are probably many hackers who would be interested in exploring vulnerabilities for a modest legal reward.

    --
    I don't read your sig. Why are you reading mine?