Now that's a fortune cookie! Facebook splats $5k command-injection bug in one of its servers Facebook has patched a remote-code execution flaw discovered in one of its servers. Researcher Daniel 'Blaklis' Le Gall, of SCRT Information Security, said on Friday he bagged a $5,000 bug bounty from the social network for reporting a flaw that could be exploited to execute arbitrary commands using malicious cookies. Though …
Instead why not put those vulnerabilities to work and purge the 'HIVE'?
Where are Shadow-Brokers or Anonymous etc, when you need them.
Only half kidding here, because GDPR / DP-Regulators won't save us:
-
"Facebook HIVE: Web browsing history is staggeringly sensitive.... It can be used to infer information on sexuality, purchasing habits, health information or political leanings.... Recognise that this data is among the most intrusive data that can be collected on individuals in the 21st century,"
-
https://www.theregister.co.uk/2018/08/24/irish_data_protection_commish_opens_inquiry_on_facebook_data_transparency/
__________________________________
Max Schrems / NOYB: "Tech companies will likely do the maths on GDPR sanctions to see which problematic features are so profitable that they can afford to keep them running - or at least eat a one-time fine as an experiment in testing the EU"
-
https://www.rte.ie/news/business/technology/2018/0816/985601-google-location-gdpr/
You don't have a choice! What do you think the Facebook HIVE is all about? This is the biggest misperception about Facebook and Google too. If everything is logged across the net then there is no escape'! How can you stop it? Even if you and everyone uses Ad-Blockers, there's still server-side data-sharing / tracking.
The guy found out an exploit with potential for arbitrary remote code execution. He could have caused serious damage to the Zucc's servers.
The message I'm getting is that if a hacker finds an exploit on facebook they're better off selling it on the black market than reporting it.
This post has been deleted by its author
......"The message I'm getting is that if a hacker finds an exploit on facebook they're better off selling it on the black market than reporting it."......
Agree, its laughable right now.... GDPR has been immediately useful for shining a light on hidden privacy abuses (Facebook HIVE etc). But it still requires enforcement action. That's more likely to come from private lawyers and sueballs fired from Schrems etc. But this all takes time as the wheels of law turn slowly. Privacy abuses and penalties are on a par with Church abuse or only compensating victims decades after the fact.
So that definitely isn't enough to persuade criminal tech organizations that behave like mafia 'cults'. Look at the Facebook 'ugly truth' memo etc. So doing the right thing voluntarily? No chance! There's just too much money in it. On the other hand If White-Hat hackers use new bugs to expose more wrongdoing instead, the revelations may become just too much to ignore.
Overall, we need to bombard executives at Facebook / Google on a daily basis, so there's no turning away. No more apologies! Privacy is a human rights issue now. We need the families of big tech to suffer and feel the heat. They're the ones who can really apply the pressure. Otherwise the trillion dollar rewards are just too much of an anti-incentive to fix anything!
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
