Facebook has already shown its respect for hackers through its Hacker Cup. Now the social networking giant is directly encouraging hackers to try to break its security systems and find weaknesses. Those who succeed will receive a reward of US$500 or more and have their name added to a list of helpful hackers.
The hackers have taken part in Facebook's White Hat program. Anyone who finds a way of breaching the site's networks, and owns up, can earn rewards worth thousands of dollars. As well as money, Facebook promises not to land them in trouble with the police or subject them to legal harassment if they have complied with the program's golden rules. Already one British hacker has earned more than $2400 from Facebook, and the most prolific White Hat contributors are now given their own Facebook "bug bounty" credit cards.
Facebook's chief security officer, Joe Sullivan, says he would much rather the hackers worked with the company than against it. In time, he hopes the hackers will be able to find legitimate ways of expressing themselves within schools and universities. "There is a real lack of practical academic programs for cyber-security not only in the US but also internationally," he said. "Cyber-security is a skill best learned by doing, and unfortunately many of the current academic programs place little emphasis on real-world practical experience such as that gained in competition or via bug-bounty programs."
According to Facebook:
"If you're a security researcher, please review our responsible disclosure policy before reporting any vulnerabilities. If you give us a reasonable time to respond to your report before making any information public and make a good faith effort to avoid privacy violations, destruction of data and interruption or degradation of our service during your research, we will not bring any lawsuit against you or ask law enforcement to investigate you."
Eligibility:-
To qualify for a bounty, you must:
Adhere to our Responsible Disclosure Policy
Be the first person to responsibly disclose the bug
Report a bug that could compromise the integrity of Facebook user data, or circumvent the privacy protections of Facebook user data, such as:
Cross-Site Scripting (XSS)
Cross-Site Request Forgery (CSRF/XSRF)
Remote Code Injection
Broken Authentication (including Facebook OAuth bugs)
Circumvention of our Platform permission model
A bug that allows the viewing of private user data
Reside in a country not under any current U.S. Sanctions (e.g., North Korea, Libya, Cuba, etc.)
Rewards:-
A typical bounty is $500 USD
We may increase the reward for specific bugs
Only 1 bounty per security bug will be awarded
Exclusions:-
The following bugs aren't eligible for a bounty (and we don't recommend testing for these):
Security bugs in third-party applications (e.g., http://apps.facebook.com/[app_name])
Security bugs in third-party websites that integrate with Facebook
Security bugs in Facebook's corporate infrastructure
Denial of Service Vulnerabilities
Spam or Social Engineering techniques