HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 35 guests and 3 members online
 
Advertisement

You are here: Home arrow EH-Netarrow News Items and General Discussion About EH-Netarrow He obviously doesn't / didn't get the memo...
EH-Net
May 24, 2013, 08:33:07 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Go back to The Ethical Hacker Network Online Magazine Home Page
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: He obviously doesn't / didn't get the memo...  (Read 1303 times)
0 Members and 1 Guest are viewing this topic.
hayabusa
Hero Member
*****
Offline Offline

Posts: 1633



View Profile
« on: February 20, 2012, 08:48:53 AM »
http://nakedsecurity.sophos.com/2012/02/20/jail-facebook-ethical-hacker/?utm_source=facebook&utm_medium=status+message&utm_campaign=naked+security

While his intentions may have been 'good,' he obviously missed the memo about how to do it, ethically (ie- get written, signed permission, and have your 'get out of jail' card.)  Just can't go hacking systems on your own, without legalities taken care of, and expect to NOT get busted...
Logged
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'

OSCE, OSCP , GPEN, C|EH
lorddicranius
Sr. Member
****
Offline Offline

Posts: 447



View Profile WWW
« Reply #1 on: February 20, 2012, 09:19:48 AM »
Doesn't Facebook have a bug bounty program setup for people who find vulnerabilities?
Logged
GSEC, eCPPT, Sec+
hayabusa
Hero Member
*****
Offline Offline

Posts: 1633



View Profile
« Reply #2 on: February 20, 2012, 09:28:01 AM »
Unsure, but if they do, they're probably like most others, and have restrictions on what parts of the site are in scope or not, as well as even finding a bug doesn't mean get in and then continue to go deeper.  They'd usually ask that you report your initial way in, allow them to fix, then proceed.

This kid found a bug, but then continued to dive deeper.  He's not doing scoped / contracted pentesting.
Logged
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'

OSCE, OSCP , GPEN, C|EH
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.604 seconds with 23 queries.
 
Exclusive Deal

sansfire13_245x90_cw90.jpg
SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 
Recent Forum Topics
EH-Net News Feeds
Latest Additions
 
         
Advertisement

© 2013 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.