Facebook offers double reward on ad coding bugs

Researchers who report security bugs in Facebook's advertising code through its Whitehat program will receive double the usual bounty.

Colin Greene, a Security Engineer at Facebook, explained in a blog post:

Starting today and extending through the end of 2014, all Whitehat bugs in our ads code will receive double bounties. We recently completed a comprehensive security audit of this area ourselves. We found and fixed a number of security bugs but would like to encourage additional scrutiny from Whitehats to see what we might have missed. Also, since the vast majority of bug reports we work on with the Whitehat community are focused on the more common parts of Facebook code, we hope to encourage researchers to become more familiar with the surface area of ads to better protect the businesses that use them.

Thanks to researchers, Facebook has recently fixed the following bugs:

Redeeming the same ads coupon multiple times without expiry.
Retrieving the name of an unpublished Page via the Ads Create Flow by guessing its Page ID.
Arbitrary local file read via a .zip symlink (more details in this post).
Injecting JavaScript into an ads report email and then leveraging a CSRF bug to make a victim send a malicious email to a target on your behalf.
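The .zip symlink bug listed above is a good reminder that archive uploads need to be validated before extraction. The following is an added example, not code from Facebook or from this article: it inspects each archive entry's Unix mode bits and path and refuses the whole archive if any entry is a symlink, an absolute path, or a traversal. The sample archive, its entry names and the symlink target are constructed test data.

```python
import io
import os
import stat
import zipfile


def unsafe_members(zip_bytes: bytes) -> list[tuple[str, str]]:
    """Return (name, reason) for every entry that must not be extracted."""
    bad = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            # The high 16 bits of external_attr hold the Unix mode; a symlink
            # entry would be re-created as a link and then read through.
            mode = info.external_attr >> 16
            if stat.S_ISLNK(mode):
                bad.append((info.filename, "symlink"))
                continue
            name = info.filename.replace("\\", "/")
            if os.path.isabs(name) or name.startswith("/"):
                bad.append((info.filename, "absolute path"))
                continue
            if ".." in name.split("/"):
                bad.append((info.filename, "path traversal"))
    return bad


def safe_extract(zip_bytes: bytes, dest: str) -> list[str]:
    """Extract only if every member passes the checks; otherwise refuse."""
    problems = unsafe_members(zip_bytes)
    if problems:
        raise ValueError(f"refusing to extract: {problems}")
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        zf.extractall(dest)
        return zf.namelist()


def build_sample_archive(include_unsafe: bool = True) -> bytes:
    """Constructed sample: a benign CSV plus, optionally, a symlink entry and a traversal entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.csv", "campaign,spend\nspring,100\n")
        if include_unsafe:
            link = zipfile.ZipInfo("logo.png")
            link.external_attr = (stat.S_IFLNK | 0o777) << 16  # mark entry as a symlink
            zf.writestr(link, "/placeholder/path/outside-archive")  # link target is the entry body
            zf.writestr("../outside.txt", "would land outside the extraction directory")
    return buf.getvalue()
```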
