Bug bounty: Facebook paid $1.5M to white hat researchers in 2013

Facebook rewards white hat researchers who find errors and holes in the social network’s code, but don’t exploit them. In a look ahead at Facebook’s bug bounty program in 2014, Security Engineer Collin Greene examined what the program did in 2013.

Last year, Facebook received 14,763 submissions from researchers, a 246 percent increase from 2012. Of those submissions, 687 were valid and eligible to receive a reward. Six percent of the eligible bugs were categorized as high severity, with a median response time from Facebook of about 6 hours.

Facebook paid out $1.5 million to 330 researchers around the world, with the average reward being $2,204. Most bugs were discovered in non-core properties, such as websites operated by companies acquired by Facebook.

Facebook releases data about NSA requests

Facebook on Monday released data showing how many requests for data the company has received from the National Security Agency — at least, the range of these requests. From January through June 2013, Facebook received fewer than 1,000 requests for user content data from the NSA, regarding 5,000 to 5,999 accounts.

Will Facebook’s new teen privacy settings keep younger users safer?

The newly announced Facebook privacy settings for new teen accounts may have some positives, but don’t be surprised if they aren’t effective against cyberbullying and also keep parents from monitoring their own children’s cyber activities, says one expert.

Facebook’s privacy settings for new teenagers joining the site will at first allow only those the teen has friended to see his or her posts. If users aged 13-17 so choose, they can elect to have their posts public, but the automatic setting is friends-only.

However, will this help keep teens safer on Facebook? Steve Woda, CEO of uKnow.com — a firm that provides social media monitoring of kids’ accounts — doesn’t think these changes will help much.

Facebook to sunset ‘Who can look up your timeline by name?’ feature

Last year, Facebook started removing the privacy-checking feature called “Who can look up your timeline by name?” The company announced Thursday that it is officially ending this feature, prompting users to take better control of their individual privacy settings.

Facebook for Android update has privacy walkthrough

Facebook released a minor update to its Android app Wednesday, bringing the structured status updates to more users and giving Android users more access to privacy information.

Now, similar to its education on desktop, Android users can easily tap through to figure out how to control privacy settings on posts and figure out how to block or report harassing users.

Facebook proposes changes to privacy policy, affecting how users’ likenesses are attached to ads

Facebook is proposing changes to its documents that govern privacy and how data is used in ads and elsewhere throughout the site. In light of the sponsored stories lawsuit, Facebook wants it to be clear that users are granting permission for their likenesses to be used in conjunction with advertising. The updates are scheduled to take effect Sept. 5.

An important change in the statement of rights and responsibilities notes that users would be granting Facebook permission to use their information in ads.

For a redline document showing proposed changes to the statement of rights and responsibilities, click here.

For a similar document showing proposed changes to the data use policy, click here.

Under the current statement of rights and responsibilities, Facebook notes that users can tweak their privacy settings to decide if they want their likeness to be attached to ads:

You can use your privacy settings to limit how your name and profile picture may be associated with commercial, sponsored, or related content (such as a brand you like) served or enhanced by us.

Here is the proposed rewording to this statement (though Facebook claims that the site will not give away information to companies without a user’s consent):

You give us permission to use your name, and profile picture, content, and information in connection with commercial, sponsored, or related that content (such as a brand you like) served or enhanced by us, subject to the limits you place. This means, for example, that you permit a business or other entity to pay us to display your name and/or profile picture with your content or information, without any compensation to you. If you have selected a specific audience for your content or information, we will respect your choice when we use it.

After white hat researcher hacks Mark Zuckerberg’s timeline, Facebook vows to improve communication

Facebook CEO and Co-Founder Mark Zuckerberg loves building a hacker culture, but when his own timeline was hacked, things got a little serious.

White hat researcher Khalil Shreateh tried to get Facebook’s attention regarding a bug that would allow a hacker to post to anyone’s timeline, but didn’t get much of a response from the company. Facebook responded to Shreateh, saying that what he brought to their attention was not a bug. Feeling that his claims were falling on deaf ears, Shreateh went all out and hacked into Zuckerberg’s timeline.

Facebook responded, saying that the white hat program “failed” in its communication with Shreateh.

Facebook’s bug bounty program has given more than $1M to researchers in 51 countries

Facebook has tapped into the power of crowdsourcing to make the site a safer place and reward researchers willing to help it out to that end.

The social network shelled out more than $1 million over the past couple years to 329 people in 51 countries who reported security problems with the site. The youngest was 13 years old. A couple of those researchers went on to work for the tech giant’s security branch.

The Bug Bounty program was launched in 2011 to reward people who report issues to the site and make it a safer place to hang out online, Facebook Security Engineer Collin Greene says in a note posted to the site’s security blog:

So far the program has been even more successful than we’d anticipated. We’ve paid out more than $1 million in bounties, and have collaborated with researchers from all around the world to stamp out bugs in our products and in our infrastructure.

Facebook sets secure browsing (HTTPS) as default

In November, Facebook started to convert its default browsing from unsecured HTTP to secured HTTPS (Hypertext Transfer Protocol Secure). The company announced in a blog post that it has now finished the job of using HTTPS for all Facebook users.

This makes for a secure connection between users and Facebook. When Facebook first started enabling HTTPS, the company found that roughly 1/3 of users opted in. Since November, Facebook has worked to make the HTTPS connection faster and more efficient. The company said Wednesday that all desktop users and 80 percent of traffic through m.facebook.com now use a secured connection. Native apps have also been using HTTPS.

Facebook: Bug jeopardized email addresses, phone numbers of 6M users

A recent bug on Facebook exposed the phone numbers and email addresses of roughly 6 million users, the site reported late Friday on its blog. Facebook claims that it has no evidence that the bug was exploited maliciously, and the bug has since been fixed. Affected users have been notified via email, and Facebook has notified regulators in the U.S., Canada and Europe.

Someone tipped off Facebook’s White Hat Program to the problem, and Facebook worked quickly to fix it.

Facebook described what happened:

Describing what caused the bug can get pretty technical, but we want to explain how it happened. When people upload their contact lists or address books to Facebook, we try to match that data with the contact information of other people on Facebook in order to generate friend recommendations. For example, we don’t want to recommend that people invite contacts to join Facebook if those contacts are already on Facebook; instead, we want to recommend that they invite those contacts to be their friends on Facebook.

Because of the bug, some of the information used to make friend recommendations and reduce the number of invitations we send was inadvertently stored in association with people’s contact information as part of their account on Facebook. As a result, if a person went to download an archive of their Facebook account through our Download Your Information (DYI) tool, they may have been provided with additional email addresses or telephone numbers for their contacts or people with whom they have some connection. This contact information was provided by other people on Facebook and was not necessarily accurate, but was inadvertently included with the contacts of the person using the DYI tool.

Readers: Were you affected by the bug?
