Aw...
Couldn't he have just done it "because he could"?
The record for the youngest security researcher getting paid by Facebook’s bug bounty scheme has been smashed by Jani, a 10-year-old Finnish lad who found a major flaw in Instagram. In February the precocious youth reported the vulnerability, which could be exploited to delete comments from any account on Instagram, which is …
when a *ten year old child* can find the bugs in your code?
There was a tv program "Are you smarter than a 5th grader?" or some such. Should we be taking all your code & running it past a child to check it for flaws?
If the child finds any, does that mean we give him your job & send your lame arse back to school?
Sheesh. I've heard of "Script Kiddies" but this one learned on *Youtube* FFS, so you KNOW the bug had to be particularly glaring.
Yes, and it tells you that anything a child is *really* interested in, they can spend not only more time but more mental energy than most adults on this. Thus should be better. See many computer games ;)
Since this includes outwitting their doddery caregivers (speaking as a sprog keeper) I'd welcome their attention being placed on something where this attention to detail also translated into some real world skills.
Most 10-12 year olds are smarter than anyone 16-25. Sharp minds have little people, and harder to fool.
They;d rule the world, apart from teenage hormones. One set of problems for another :)
@Shadow Systems:"Sheesh. I've heard of 'Script Kiddies' but this one learned on *Youtube* FFS, so you KNOW the bug had to be particularly glaring."
and
@Seajay#: "This doesn't tell you that a ten year-old is smarter than facebook. It tells you that finding a bug is easier than writing bug free code."
Yeah, well, nobody else found it before he did, so kudos to the kid.
@Doctor evilkudos to the kid.
Hell yes. I didn't mean to take anything away from his achievement. That's pretty extraordinary for a 10 year old (assuming his dad didn't do it and pass on the credit). All I meant was that this story doesn't tell us "Oh noes Facebook security is terrible, it's worse than it would be if we let a 10-year-old do it". It just tells us that security is hard.
That should have gone up for auction with the highest bidder getting the choice of thumbs up or down and all the money put into some worthy charity. Canadians by now probably would have snapped it up to end the embarrassment and sent it permanently to the eternal bit bin.
This post has been deleted by its author
One of the things about not knowing a lot about computers and programming is you can take them by surprise as you wont be programmed into thinking 'this works like this so I'll try this'. I was at my most destructive when beginning in the field - simply because I'd try things that no-one else would dream of.
I got better once I worked out an even better way was to just throw random shit at a program and see how it behaves. Not so easy to do that on the internet as people think you're DDOSing them or something and you cant test something that refuses to talk to you.
Its not to hard to do it in house though - a bit of python and a walk around your web pages with a cupful of beautifulSoup* and a few random numbers and you'd be surprised how much havoc you can wreak.
But get someone who doesnt know how GET and all that shit work and dont laugh at their ideas - try em and watch your development web site disintegrate!
13 years old, and that's down to COPPA.
Not that anyone seems to be enforcing it, if YouTube comments are anything to go by. (Obligatory XKCD)
"Mickos, who is also Finnish... attributed this to its excellent school system, fast and cheap internet connections, and long, cold, dark Finnish winters."
I, who am a mathematician, would start by attributing it to the Poisson distribution, before seeing whether this other stuff makes one jot of difference. (A school system obviously does, but beyond a certain level I claim not a significant difference.)