Facebook launches bug bounty ‘loyalty program’


Social media behemoth Facebook today launched Hacker Plus, the first-ever loyalty program for a tech company’s bug bounty platform.

Designed after the loyalty programs used by airlines and hotels, Facebook said Hacker Plus would provide extra bonuses and special perks to bug hunters based on their past reports.

Any researcher who submitted or submits bugs to Facebook’s bug bounty program is automatically included and ranked inside the Hacker Plus loyalty program.

Facebook said it plans to “regularly evaluate” security researchers’ performance based on the cumulative quantity, score, and signal-to-noise ratio of their bug submissions over the last year.

Based on the scores, bug hunters will be placed inside one of five tiers (leagues): Bronze, Silver, Gold, Platinum, and Diamond.

Each tier comes with its own benefits. The most common benefit is an added bonus for successful bug submissions.

“Starting at 12:00 a.m. UTC on October 9, 2020, bounty


Instagram bug opened a path for hackers to hijack app, turn smartphones into spies

Facebook has patched a critical vulnerability in Instagram that could lead to remote code execution and the hijack of smartphone cameras, microphones, and more. 

Privately disclosed to Facebook, the owner of Instagram, by Check Point, the security flaw is described as “a critical vulnerability in Instagram’s image processing.”

The flaw is tracked as CVE-2020-1895 and was issued a CVSS score of 7.8. Facebook’s security advisory says the vulnerability is a heap overflow problem.


“A large heap overflow could occur in Instagram for Android when attempting to upload an image with specially crafted dimensions. This affects versions prior to 128.0.0.26.128,” the advisory says. 

In a blog post on Thursday, Check Point cybersecurity researchers said sending a single malicious image was enough to take over Instagram. An attack can be triggered once a crafted image is sent — via email, WhatsApp, SMS, or any other
