| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 2 Nov 2011 09:38:53 +1100 From: xD 0x41 <secn3t@...il.com> To: Peter Dawson <slash.pd@...il.com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: Facebook Attach EXE Vulnerability I sort of have to agree with this, as I earlier stated, FB somehow seems to affect even those who dont use it (like me), but all my family, and theyre friends and theyre friends, as i know, neary everyone i know uses it but me! I guess this is why I am abit peeved at theyre offer of 500bux for a bug but again, this is 90% more than 99% of the others out there would offer :s This is a large netork, and as i know myspace failed due to many bugs and virus, and one particular worm (was actually coded in VB and was hiding itself as some pllugin...remember) that bug destroyed the entire place, trust was gone, one bug did this. would it be hard for them to say UP gtheyre portfolio and maybe align it in accordance with atleast google, who is paying 1337$ for standard bugs and this INCLUDES d0s, wich was pathetic i saw that FB wont pay on that, i know theyre webserver cannot be that good, and if theyre this confident, then they must still not have learnt about 0days... If more people followed googles lead, id be a happier man. that is all bugs 1k minimum, rce/rci 3k, now, you are on par with the blacker side, and worth more than the fun of the exploiting or even now the gains... cheers. On 2 November 2011 02:56, Peter Dawson <slash.pd@...il.com> wrote: > Yes to a certain degree its all about " Saving FACE". .. however FB's > 30member integrity team is only bothered about how to manage the vectors > that have been primed to protect. > > FB is the largest network "protected" .. (YES big word Protected !! / they > have over 25B checks per day and reaching upto 65K/sec at peak. Building an > Immune System as large as FB's takes time, but its only on known vectors. > The unknown is never realized unless one is willing to collaborate and > confirm with user/community. Large Org's have the syndrome if living in > the "ivory tower" and that is the biggest downfall. > > What could have happened if a zero day was filed and alternative markets > were sought with this bug ? Yes, alternative markets pay better !.. but > just saying. .what was damage ratios to users ? > > > /pd > > On Tue, Nov 1, 2011 at 9:03 AM, Mikhail A. Utin <mutin@...monwealthcare.org> > wrote: >> >> Face Book is trying to save its face. It's typical. >> I got the same answer from SonicWALL one year ago when discovered that >> simple internal network scanning (Nessus, Nmap, etc.) brings down entire >> network. The firewall internal TCP connections stack was overloaded within a >> few seconds (IPS is not enabled, thus was not accepting new connections. >> >> Mikhail A. Utin, CISSP >> Information Security Analyst >> > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists