[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Facebook Attach EXE Vulnerability
- To: Valdis.Kletnieks@xxxxxx
- Subject: Re: [Full-disclosure] Facebook Attach EXE Vulnerability
- From: Laurelai <laurelai@xxxxxxxxxxxx>
- Date: Fri, 28 Oct 2011 22:15:50 -0500
On 10/28/2011 10:03 PM, Valdis.Kletnieks@xxxxxx wrote:
> On Fri, 28 Oct 2011 20:44:04 CDT, Laurelai said:
>> On 10/28/2011 6:17 PM, Ulises2k wrote:
>>> You know this? ;)
>>> https://www.facebook.com/whitehat/bounty/
>> Facebook has a habit of ignoring issues
> So? That's their problem, not yours.
>
> The moral thing to do is to work with them on a responsible disclosure in
> hopes
> of a bounty. Then when it becomes apparent they intend to ignore the issue,
> you've at least tried to do the right thing - so publish and at least score
> some reputation points. ;)
>
> Of course, the devil is in the details - for instance, how long is it
> "responsible"
> to wait if you discover a zero-day that's already being exploited on a large
> scale?
When we informed facebook of our discovery ( not this one another one)
they ignored us and when asked by the media they denied it was even a
problem, I wonder how many people actually have cashed in on that bounty
they offered?
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/