[ISN] Facebook's Reward for Bug Hunters

From: InfoSec News <alerts_at_private>
Date: Mon, 30 Jan 2012 00:23:53 -0600 (CST)
Forwarded from: Simon Taplin <simon (at) simontaplin.net>

http://www.businessweek.com/magazine/facebooks-reward-for-bug-hunters-01262012.html

By Jordan Robertson
Security
BusinessWeek
January 26, 2012

Tal Be’ery was happy helping Facebook fight hackers for free. In 2010, 
when the computer security professional was looking into how identity 
thieves, spammers, and other con artists used fake Facebook profiles to 
mount scams, he discovered a flaw that put new users’ passwords at risk 
of interception.

So Be’ery did what ethical hackers are supposed to do: He ignored the 
payday he undoubtedly could get from selling the information to 
criminals and alerted Facebook, which quickly fixed the problem. In 
recognition, the world’s biggest social media company added Be’ery’s 
name to a public list of researchers who have responsibly disclosed 
Facebook bugs.

At the time, that was reward enough for the Tel Aviv resident. Today the 
32-year-old wishes he had something more tangible to show for his 
diligence—namely one of the debit cards Facebook began handing out to 
bug catchers in July. The Visa-branded (V) cards are loaded with as 
little as $500 or as much as $5,000—amounts vary depending on the 
severity of the bug. More important, the shiny black cards are brimming 
with geek cachet. There’s a whiff of exclusivity about them: Think 
American Express’s (AXP) by-invitation-only Centurion cards, which are 
also ebony. “That would be so great to get that,” says Be’ery. “To tell 
your grandchildren, ‘Papa was a hacker once.’ Just for the symbolic 
value.”

The cheeky conceit behind Facebook’s debit cards underlines a serious 
issue. Technology companies are torn about how to engage with 
application developers or security researchers who spot bugs in the 
course of their professional work or hobbies. Many businesses ignore 
unsolicited tips from so-called white-hat hackers. Some even threaten 
them with legal action. Criminals, governments, and sketchy middlemen 
are willing to pay top dollar for the nastiest bugs—experts say black 
market prices can go as high as $1 million.

[...]

Received on Sun Jan 29 2012 - 22:23:53 PST
