Full Disclosure mailing list archives
Re: Facebook Attach EXE Vulnerability
From: xD 0x41 <secn3t () gmail com>
Date: Wed, 2 Nov 2011 09:38:53 +1100
I sort of have to agree with this. As I earlier stated, FB somehow seems to affect even those who don't use it (like me), but all my family, and their friends and their friends, as I know, nearly everyone I know uses it but me! I guess this is why I am a bit peeved at their offer of 500bux for a bug, but again, this is 90% more than 99% of the others out there would offer :s

This is a large network, and as I know, myspace failed due to many bugs and viruses, and one particular worm (was actually coded in VB and was hiding itself as some plugin... remember). That bug destroyed the entire place, trust was gone, one bug did this.

Would it be hard for them to, say, UP their portfolio and maybe align it in accordance with at least Google, who is paying 1337$ for standard bugs, and this INCLUDES d0s, which was pathetic, I saw that FB won't pay on that. I know their webserver cannot be that good, and if they're this confident, then they must still not have learnt about 0days...

If more people followed Google's lead, I'd be a happier man. That is, all bugs 1k minimum, rce/rci 3k; now you are on par with the blacker side, and worth more than the fun of the exploiting or even now the gains...

cheers.

On 2 November 2011 02:56, Peter Dawson <slash.pd () gmail com> wrote:
Yes, to a certain degree it's all about "Saving FACE"... however FB's 30-member integrity team is only bothered about how to manage the vectors that have been primed to protect.

FB is the largest network "protected" .. (YES big word Protected !!) / they have over 25B checks per day and reaching up to 65K/sec at peak.

Building an Immune System as large as FB's takes time, but it's only on known vectors. The unknown is never realized unless one is willing to collaborate and confirm with user/community.

Large Orgs have the syndrome of living in the "ivory tower" and that is the biggest downfall. What could have happened if a zero day was filed and alternative markets were sought with this bug? Yes, alternative markets pay better!.. but just saying.. what was damage ratios to users?

/pd

On Tue, Nov 1, 2011 at 9:03 AM, Mikhail A. Utin <mutin () commonwealthcare org> wrote:

Face Book is trying to save its face. It's typical. I got the same answer from SonicWALL one year ago when discovered that simple internal network scanning (Nessus, Nmap, etc.) brings down entire network. The firewall internal TCP connections stack was overloaded within a few seconds (IPS is not enabled), thus was not accepting new connections.

Mikhail A. Utin, CISSP
Information Security Analyst

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/