1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Facebook bug hunter stumbles on backdoor left by... another bug hunter

Discussion in 'CSO' started by RSS, Apr 25, 2016.

  1. RSS

    RSS New Member Member

    When Orange Tsai set out to participate in Facebook's bug bounty program in February, he successfully managed to gain access to one of Facebook's corporate servers. But once in, he realized other hackers had beaten him to it.

    Tsai thought he had stumbled on some malicious activity in Facebook's network. But, according to a statement from Facebook on Friday, what he found was something else.

    Tsai, a consultant with Taiwanese penetration testing outfit Devcore, had started by mapping Facebook's online properties, which extend beyond user-facing services like facebook.com or instagram.com.

    One server that caught his attention was files.fb.com, which hosted a secure file transfer application made by enterprise software vendor Accellion and was presumably used by Facebook employees for file sharing and collaboration.

    To read this article in full or to leave a comment, please click here

    Continue reading...
     

Share This Page