Last month, security researcher Anand Prakash discovered a serious flaw in Facebook's security. He found that when an account password is reset, Facebook sends a 6-digit PIN to the user's phone, and that PIN acts as a temporary password while the account is being reset. Facebook normally locks the account after ten or twelve wrong PIN attempts, but Prakash noticed that this protection was missing on beta.facebook.com, where developers often deploy new features that are not yet ready for facebook.com. Since every Facebook account is also reachable through beta.facebook.com, the resulting bug let anyone flood the page with PIN guesses, making it possible to take over practically any active account.
The bug was the result of a change deployed to the beta site a few days earlier, and it does not appear to have been widely exploited before Prakash found it. It was nevertheless a serious security problem, and exactly the kind of attack that bug hunters are asked to catch. Prakash wrote up a report on the weakness and the measures that could fix it, and the next day the company confirmed that the fix was in place. Eight days later, Facebook awarded him $15,000 for reporting the problem.
It is another case of a particularly short-lived bug, but, like many companies, Facebook attaches "bounties" to the bugs it rates, sized according to their risk and complexity. Had the flaw Prakash identified spread across the main Facebook site, it could have triggered widespread attacks on users, which puts this weakness among the most dangerous a researcher could find.
"One of the most beneficial effects of the bounty initiative is that it helps find potential problems in the system before applications reach production," Facebook said in an official statement. "We are happy to recognize and reward Anand Prakash for the excellent report." Facebook has paid out more than $4.3 million to more than 800 researchers since its bug bounty program began in 2011.
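As an added defensive illustration (not code from this post or from Facebook), the verifier below enforces the per-account attempt lockout the post describes, keyed on the account rather than the host that received the guess, so a beta host cannot be used to sidestep it; the lockout threshold of 10, the host names and the hypothetical `ResetCodeVerifier` class are assumptions.

```python
import hmac
import secrets

CODE_LEN = 6        # six-digit reset code, as in the post
MAX_ATTEMPTS = 10   # lockout threshold (assumed; the post says "ten or twelve")


class ResetCodeVerifier:
    """Issues reset codes and counts failed guesses per account.

    The counter is keyed on the account only, never on the host that handled
    the request, so beta.example.com and www.example.com share one budget.
    """

    def __init__(self, max_attempts=MAX_ATTEMPTS):
        self.max_attempts = max_attempts
        self._codes = {}       # account -> outstanding reset code
        self._failures = {}    # account -> failed guesses since last issue
        self._locked = set()   # accounts that exhausted their budget
        self.failure_log = []  # (account, host) per miss, for detection review

    def issue(self, account):
        """Generate a fresh code (what would be sent by SMS) and reset the counter."""
        code = f"{secrets.randbelow(10 ** CODE_LEN):0{CODE_LEN}d}"
        self._codes[account] = code
        self._failures[account] = 0
        return code

    def is_locked(self, account):
        return account in self._locked

    def verify(self, account, guess, host="www.example.com"):
        """Accept only the correct, single-use code; lock the account after too many misses."""
        if account in self._locked or account not in self._codes:
            return False
        # Constant-time compare so timing does not leak which digits matched.
        if hmac.compare_digest(self._codes[account], guess):
            del self._codes[account]  # single use
            return True
        self._failures[account] += 1
        self.failure_log.append((account, host))
        if self._failures[account] >= self.max_attempts:
            self._locked.add(account)  # a flood of guesses from any host ends here
            del self._codes[account]
        return False


def guesses_allowed_fraction(max_attempts=MAX_ATTEMPTS):
    """Share of the 6-digit code space an attacker can cover before lockout."""
    return max_attempts / 10 ** CODE_LEN
```

With the lockout in place an attacker covers only 10 of 1,000,000 codes per reset; without it, as on the beta host, the whole space is reachable.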