Even as Facebook constantly monitors its security system, it is still
vulnerable to being penetrated by malicious hackers. Recently, a white
hat hacker tried to gain backdoor entry and steal employees' login
details, but to his surprise, he learnt that a bug found in the
Accellion File Transfer Appliance had already been planted in the social
media giant's system.
Taking advantage of the Menlo Park-headquartered firm's bug bounty program, white hat hacker Orange Tsai managed to breach a Facebook employee's account, only to discover that someone had already planted the backdoor bug.
Fortunately, the threat was a non-issue and Facebook's security researcher Reginaldo Silva confirmed that the malware Tsai discovered was actually installed by another security researcher.
Silva said: "On this case, the software we were using is third party. As we don't have full control of it, we ran it isolated from the systems that host the data people share on Facebook. We do this precisely to have better security, as chromakode mentioned. After incident response, we determined that the activity Orange detected was in fact from another researcher who participates in our bounty program. Neither of them were able to compromise other parts of our infra-structure so, the way we see it, it's a double win: two competent researchers assessed the system, one of them reported what he found to us and got a good bounty, none of them were able to escalate access."
Source
Taking advantage of the Menlo Park-headquartered firm's bug bounty program, white hat hacker Orange Tsai managed to breach a Facebook employee's account, only to discover that someone had already planted the backdoor bug.
Fortunately, the threat was a non-issue and Facebook's security researcher Reginaldo Silva confirmed that the malware Tsai discovered was actually installed by another security researcher.
Silva said: "On this case, the software we were using is third party. As we don't have full control of it, we ran it isolated from the systems that host the data people share on Facebook. We do this precisely to have better security, as chromakode mentioned. After incident response, we determined that the activity Orange detected was in fact from another researcher who participates in our bounty program. Neither of them were able to compromise other parts of our infra-structure so, the way we see it, it's a double win: two competent researchers assessed the system, one of them reported what he found to us and got a good bounty, none of them were able to escalate access."
Source
Комментариев нет:
Отправить комментарий