I figured out a way to hack any of Facebook’s 2B accounts (medium.freecodecamp.org) 30 points by gregorymichael 8y ago ↗ HN
[–] master_ant 8y ago ↗ Holy crap. $15k for brute-forcing an unthrottled endpoint with GET requests? gratz on that payout [–] IshKebab 8y ago ↗ I assume payouts are linked to the severity of the attack rather than elegance.Also in this case the throttling is an absolute requirement rather than a "nice to have, users set good passwords right?" thing.
[–] IshKebab 8y ago ↗ I assume payouts are linked to the severity of the attack rather than elegance.Also in this case the throttling is an absolute requirement rather than a "nice to have, users set good passwords right?" thing.
[–] dmitrygr 8y ago ↗ What would this vulnerability be worth in the open market? 10 times that? 100x? [–] johnsonjo 8y ago ↗ I’m sure it would be way less legal that route.
[–] jackhack 8y ago ↗ Not the smartest thing, to go posting a photo of one's credit card, considering there are only 999 combinations of the security # on the back. Hopefully Visa is smarter than facebook in this regard.
5 comments
[ 4.8 ms ] story [ 26.4 ms ] threadAlso in this case the throttling is an absolute requirement rather than a "nice to have, users set good passwords right?" thing.