Full Disclosure mailing list archives

Re: Facebook Attach EXE Vulnerability


From: xD 0x41 <secn3t () gmail com>
Date: Wed, 2 Nov 2011 09:38:53 +1100

I sort of have to agree with this. As I earlier stated, FB somehow
seems to affect even those who don't use it (like me), but all my
family, and their friends and their friends, as I know, nearly
everyone I know uses it but me!
I guess this is why I am a bit peeved at their offer of 500 bucks for a
bug, but again, this is 90% more than 99% of the others out there would
offer :s
This is a large network, and as I know MySpace failed due to many bugs
and viruses, and one particular worm (was actually coded in VB and was
hiding itself as some plugin... remember) that bug destroyed the
entire place, trust was gone, one bug did this.
Would it be hard for them to say up their portfolio and maybe align
it in accordance with at least Google, who is paying $1337 for standard
bugs and this INCLUDES DoS, which was pathetic; I saw that FB won't pay
on that. I know their webserver cannot be that good, and if they're
this confident, then they must still not have learnt about 0days...
If more people followed Google's lead, I'd be a happier man. That is all
bugs 1k minimum, RCE/RCI 3k; now you are on par with the blacker
side, and worth more than the fun of the exploiting or even now the
gains...
Cheers.



On 2 November 2011 02:56, Peter Dawson <slash.pd () gmail com> wrote:
Yes, to a certain degree it's all about "saving face"... however FB's
30-member integrity team is only bothered about how to manage the vectors
that have been primed to protect.

FB is the largest network "protected" (YES, big word, Protected!!); they
have over 25B checks per day, reaching up to 65K/sec at peak. Building an
immune system as large as FB's takes time, but it's only on known vectors.
The unknown is never realized unless one is willing to collaborate and
confirm with the user/community. Large orgs have the syndrome of living in
the "ivory tower" and that is the biggest downfall.

What could have happened if a zero day was filed and alternative markets
were sought with this bug? Yes, alternative markets pay better!.. but
just saying. What was the damage ratio to users?


/pd

On Tue, Nov 1, 2011 at 9:03 AM, Mikhail A. Utin <mutin () commonwealthcare org>
wrote:

Face Book is trying to save its face. It's typical.
I got the same answer from SonicWALL one year ago when I discovered that
simple internal network scanning (Nessus, Nmap, etc.) brings down the entire
network. The firewall's internal TCP connection stack was overloaded within a
few seconds (IPS is not enabled), thus it was not accepting new connections.

Mikhail A. Utin, CISSP
Information Security Analyst


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
