Forwarded from: Simon Taplin <simon (at) simontaplin.net> http://www.businessweek.com/magazine/facebooks-reward-for-bug-hunters-01262012.html By Jordan Robertson Security BusinessWeek January 26, 2012 Tal Be’ery was happy helping Facebook fight hackers for free. In 2010, when the computer security professional was looking into how identity thieves, spammers, and other con artists used fake Facebook profiles to mount scams, he discovered a flaw that put new users’ passwords at risk of interception. So Be’ery did what ethical hackers are supposed to do: He ignored the payday he undoubtedly could get from selling the information to criminals and alerted Facebook, which quickly fixed the problem. In recognition, the world’s biggest social media company added Be’ery’s name to a public list of researchers who have responsibly disclosed Facebook bugs. At the time, that was reward enough for the Tel Aviv resident. Today the 32-year-old wishes he had something more tangible to show for his diligence—namely one of the debit cards Facebook began handing out to bug catchers in July. The Visa-branded (V) cards are loaded with as little as $500 or as much as $5,000—amounts vary depending on the severity of the bug. More important, the shiny black cards are brimming with geek cachet. There’s a whiff of exclusivity about them: Think American Express’s (AXP) by-invitation-only Centurion cards, which are also ebony. “That would be so great to get that,” says Be’ery. “To tell your grandchildren, ‘Papa was a hacker once.’ Just for the symbolic value.” The cheeky conceit behind Facebook’s debit cards underlines a serious issue. Technology companies are torn about how to engage with application developers or security researchers who spot bugs in the course of their professional work or hobbies. Many businesses ignore unsolicited tips from so-called white-hat hackers. Some even threaten them with legal action. Criminals, governments, and sketchy middlemen are willing to pay top dollar for the nastiest bugs—experts say black market prices can go as high as $1 million. [...] _____________________________________________________ Did a friend send you this article? Make it your New Year's Resolution to subscribe to InfoSec News! http://www.infosecnews.org/mailman/listinfo/isnReceived on Sun Jan 29 2012 - 22:23:53 PST
This archive was generated by hypermail 2.2.0 : Sun Jan 29 2012 - 22:24:43 PST