Facebook security bug bounty


Facebook is the most recent company to come to the bug-bounty party, officially announcing recently that-

To show our appreciation for our security researchers, we offer a monetary bounty for certain qualifying security bugs.”
Here’s how it works:

Eligibility:
To qualify for a bounty, you must:
  • Adhere to our Responsible Disclosure Policy
  • Be the first person to responsibly disclose the bug
  • Report a bug that could compromise the integrity or privacy of Facebook user data, such as: Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF/XSRF), Remote Code Injection.
  • Reside in a country not under any current U.S. Sanctions (e.g., North Korea, Libya, Cuba, etc.)
Facebook security team will assess each bug to determine if qualifies.


Rewards:

  • A typical bounty is $500 USD
  • We may increase the reward for specific bugs
  • Only 1 bounty per security bug will be awarded

Exclusions:
The following bugs aren’t eligible for a bounty:
  • Security bugs in third-party applications (e.g., http://apps.facebook.com/[app_name])
  • Security bugs in third-party websites that integrate with Facebook
  • Security bugs in Facebook’s corporate infrastructure
  • Denial of Service Vulnerabilities
  • Spam or Social Engineering techniques

Comments

Post a Comment

Popular posts from this blog

How to Test Suspicious Links Before Clicking Them

Links can be compared to a mystery box: you never know what lies there until you open it. A wise person should treat links with caution. One never knows the rabbit hole a link could lead to. Caution is of utmost importance. Well, as an internet user, you can’t completely steer clear of links. You see them every day, and quite frankly, they’re enticing you to click. If you ever find a link suspicious, there are a few ways to test it: Hover over hyperlinks If you are don't know a hyperlink is secure or not, then hover the mouse cursor over the text to uncover the address. Then you can click later, if the address is legitimate. Note that phishing scams links use domain names which are similar to legitimate sites. Observance is the key to catching any frauds. For example, a phishing scam targeting this website may use something like  www.abc-hack-news.com , which appears similar to the real thing. It’s actually  www.latesthackingnews.com . Note the differences. Hovering ov...
Read more

Download Windows RT Jailbreak Tool To Run Unsigned Apps

Image
    As we reported to you a few days ago, a  group  of software creators  managed to bypass Windows RT’s restrictions  and run unsigned desktop applications on the operating system, basically opening the door to a whole new world of jailbreaking tools. Even though the whole process of jailbreaking Windows RT was pretty complicated, it was only a matter of time before someone came up with a dedicated solution supposed to perform this task all by itself. Now XDA Developers user “netham45” has released  a batch file  that does the entire jailbreaking process  automatically , so it modifies the Windows RT system kernel without user interaction. Even though the software developer admits that some users might get a BSOD after launching the application, he says that everything should work just fine on all Windows RT tablets, including Microsoft’s Surface RT. At this point, there are only a few software solutions available on a jailbroken Windows ...
Read more

How to Crack wifi network’s password (WEP)

Image
Wireless Hacking Using Backtrack Introduction Hello and welcome to my tutorial about wireless networking. Today I’ll be teaching you how easy it is to obtain access to a wireless protected network by  cracking the Wi-Fi network’s password. There are lots of questions coming from the beginners on how to get  WEP/WPA/WPA2   password and accessing neighbor’s connection. I will be covering all of the aspects and ways of hacking a network and gaining access to the router. How to crack WEP Password What u need to succeed ? A compatible wireless adapter —This is the biggest requirement. You’ll need a wireless adapter that’s capable of packet injection, and chances are the one in your computer is not. A BACKTRACK CD- Download yourself a copy of the CD and burn it, or load it up in VMware to get started. A nearby WEP-enabled Wi-Fi network.  The signal should be strong and ideally people are using it, connecting and disconnecting their devices f...
Read more