
He obviously doesn't / didn't get the memo...


hayabusa

Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Mon Feb 20, 2012 9:48 am

He obviously doesn't / didn't get the memo...

http://nakedsecurity.sophos.com/2012/02/20/jail-facebook-ethical-hacker/?utm_source=facebook&utm_medium=status+message&utm_campaign=naked+security

While his intentions may have been 'good,' he obviously missed the memo about how to do it ethically (i.e., get written, signed permission, and have your 'get out of jail' card). Just can't go hacking systems on your own, without legalities taken care of, and expect to NOT get busted...
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH

lorddicranius

Sr. Member

Posts: 448

Joined: Thu Mar 03, 2011 3:54 am

Post Mon Feb 20, 2012 10:19 am

Re: He obviously doesn't / didn't get the memo...

Doesn't Facebook have a bug bounty program set up for people who find vulnerabilities?
GSEC, eCPPT, Sec+

hayabusa

Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Mon Feb 20, 2012 10:28 am

Re: He obviously doesn't / didn't get the memo...

Unsure, but if they do, they're probably like most others, and have restrictions on what parts of the site are in scope or not, as well as even finding a bug doesn't mean get in and then continue to go deeper.  They'd usually ask that you report your initial way in, allow them to fix, then proceed.

This kid found a bug, but then continued to dive deeper.  He's not doing scoped / contracted pentesting.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
