TechEcho

10 comments

bdcravensover 11 years ago

Should the title be updated to reflect that this is 2+ months old? After all, the fix was put in place in a couple of hours. This isn't a current bug, but rather, an excellent post-mortem, but the title suggests present tense.

评论 #6578945 未加载

评论 #6579591 未加载

评论 #6579395 未加载

ryhansonover 11 years ago

How much did you get for this bug via their bug bounty program?

评论 #6578871 未加载

评论 #6578819 未加载

评论 #6578820 未加载

评论 #6578854 未加载

himalover 11 years ago

I'm surprised that it took this long to discover this.I wonder how many this type of exploits are still out there.

评论 #6578948 未加载

RexRollmanover 11 years ago

I don't like Facebook but I have to give them credit for addressing this so quickly.

debtover 11 years ago

That's a pretty amateur mistake for a such an enormous company. Made respect for FB, but c'mon, how'd this slip through? This was a very trivial exploit.

评论 #6578843 未加载

评论 #6578811 未加载

评论 #6579183 未加载

评论 #6579536 未加载

franjkovicover 11 years ago

You can read about all kinds of bugs and "bugs" I found in bounty programs on my old blog, too <a href="http://josipfranjkovic.blogspot.com/" rel="nofollow">http://josipfranjkovic.blogspot.com/</a>

gedenover 11 years ago

Interestingly several of my wife's hotmail using Facebook friends accounts appeared to have been owned last night. Has someone found a new similar exploit?

评论 #6580998 未加载

评论 #6579250 未加载

bonoboover 11 years ago

Something I don't get, why is a hotmail account a pre-requisite? Wouldn't this work with any other email account?

评论 #6580774 未加载

b0b0b0bover 11 years ago

Are there researchers out there testing whether facebook regresses security fixes?<p>Or would the effort not procure enough reward?

ryansanover 11 years ago

Did anyone else notice that the site and social networking properties were all put up at the same time as the post (roughly)? Good tactic for starting a business.

10 comments

bdcravensover 11 years ago

评论 #6578945 未加载

评论 #6579591 未加载

评论 #6579395 未加载

ryhansonover 11 years ago

How much did you get for this bug via their bug bounty program?

评论 #6578871 未加载

评论 #6578819 未加载

评论 #6578820 未加载

评论 #6578854 未加载

himalover 11 years ago

I'm surprised that it took this long to discover this.I wonder how many this type of exploits are still out there.

评论 #6578948 未加载

RexRollmanover 11 years ago

I don't like Facebook but I have to give them credit for addressing this so quickly.

debtover 11 years ago

That's a pretty amateur mistake for a such an enormous company. Made respect for FB, but c'mon, how'd this slip through? This was a very trivial exploit.

评论 #6578843 未加载

评论 #6578811 未加载

评论 #6579183 未加载

评论 #6579536 未加载

franjkovicover 11 years ago

You can read about all kinds of bugs and "bugs" I found in bounty programs on my old blog, too <a href="http://josipfranjkovic.blogspot.com/" rel="nofollow">http://josipfranjkovic.blogspot.com/</a>

gedenover 11 years ago

Interestingly several of my wife's hotmail using Facebook friends accounts appeared to have been owned last night. Has someone found a new similar exploit?

评论 #6580998 未加载

评论 #6579250 未加载

bonoboover 11 years ago

Something I don't get, why is a hotmail account a pre-requisite? Wouldn't this work with any other email account?

评论 #6580774 未加载

b0b0b0bover 11 years ago

Are there researchers out there testing whether facebook regresses security fixes?<p>Or would the effort not procure enough reward?

ryansanover 11 years ago

Did anyone else notice that the site and social networking properties were all put up at the same time as the post (roughly)? Good tactic for starting a business.

Facebook CSRF leading to full account takeover (fixed)

10 comments

Facebook CSRF leading to full account takeover (fixed)

10 comments