Web App Pen Testers
the_Grinch
Member Posts: 4,165
Comments
JDMurray Admin Posts: 13,101
So what keeps my ISP (Verizon) from cancelling my account for attempting to hack into Facebook? Maybe people should do it anonymously from Starbucks. And there's got to be a contract to sign with Facebook stating the rules of engagement.
These types of offers may be small change money-wise, but if you do get paid for finding something, you can brag about it on your CV, and that's a great way to start a career as a pen tester.
veritas_libertas Member Posts: 5,746
> So what keeps my ISP (Verizon) from cancelling my account for attempting to hack into Facebook? Maybe people should do it anonymously from Starbucks. And there's got to be a contract to sign with Facebook stating the rules of engagement.
> These types of offers may be small change money-wise, but if you do get paid for finding something, you can brag about it on your CV, and that's a great way to start a career as a pen tester.
You're crazy if you don't get a signed document. If you decide to do it at Starbucks, make sure you read the fine print before you load BackTrack.
chrisone Member Posts: 2,278
This is also dangerous for Facebook. Say you deliberately hack and bring them down or deface the website. You get caught, and sued, and you easily have an out clause because you can say you were trying to help Facebook and possibly get paid for your work.
I saw this as an immediate get out of jail free card for Anonymous or LulzSec or any other hacktivist groups. It can also be a form of entrapment by Facebook.
the_Grinch Member Posts: 4,165
"We worked with several third-party groups to ensure that the language in our policy protects researchers and makes clear our intent to work with, not punish, those who report information," Sullivan wrote.
The Electronic Frontier Foundation, an advocacy group that often weighs in on Internet-related legal issues, is a fan of that approach.
"We hope to see others follow Facebook's lead and go even further," the EFF wrote last year about Facebook's security policy. "The more transparent companies are about their approaches to vulnerability disclosure -- and the more they encourage users to come forward -- the more often they will learn about problems that need to be fixed."
Obviously that isn't going to help you with your ISP, but it seems there is some sort of policy to cover your butt. Always look at the fine print; I'd have to read the security policy to see how you are supposed to identify yourself as a professional or researcher. I'd love to see someone get caught and use testing as the excuse:
Cop: "So you broke into your ex's Facebook and called her nasty things?"
You: "Um, it was a security audit I was doing and I found a bug."
Cop: "Did you report the bug?"
You: "Um, as soon as I get out of here I will, promise I intended to!"
hiddenknight821 Member Posts: 1,209
Even if I'm an InfoSec pro, I would rather not participate in this. If Anonymous finds out that you are helping them out, then you are probably screwed. That's just my theory.
alan2308 Member Posts: 1,854
Sounds like Facebook is getting worried now that Anonymous has announced that they're coming for them.
idr0p Member Posts: 104
1.) It says they give you money for finding BUGS, not exploits. There is a difference; they are not asking you to hack them.
2.) It actually is a good move on Facebook's part. They get "scanned" all the time by random people anyway, so they might as well learn from them. I relate it to documentaries where people are doing illegal stuff... they are protected for educational purposes.
JDMurray Admin Posts: 13,101
> 1.) It says they give you money for finding BUGS, not exploits. There is a difference; they are not asking you to hack them.
So go forth and "QA" Facebook--but only with permission, and by following Facebook's rules.