Facebook awarded $20,000 to UK security researcher Jack Whitton who found a critical bug in the social network’s text-messaging service that would let attackers access and use someone’s account by sending a message. The attack uses Facebook’s feature that permits users to log in with a telephone number linked to their account. Whitton, who also participates in other bug bounty programs, discovered the hacker can tie his own phone number to the target account, then reset the password with a text message. Whitton posted a detailed accounting of the flaw on his website < http://blog.fin1te.net/post/53949849983/hijacking-a-facebook-account-with-sms >.
(BBC)(Help Net Security)(fin1te -- Whitton website)
Monday, July 22, 2013
Facebook Award Bug Bounty to UK Researcher
