A Indian Cyber Security Researcher earns 15 lakhs bug bounty From Facebook

-



A cross-site scripting (XSS) vulnerability that affected the ‘Login with Facebook’ button has earned a security researcher 15 lakhs.

A indian cyber security researcher named Vinoth Kumar discovered a DOM-based XSS vulnerability in the technology that gives third-party websites the option to authenticate visitors through the Facebook platform.

The security issue arose because of a flawed implementation of the postMessage API.


Kumar described the technology is an underexplored avenue for security bug hunters, hence his decision to look into Facebook’s implementation.


The researcher reported the issue to Facebook on April 17, three before days the social network resolved the security bug. Facebook paid out a 15 lakhs bug bounty for Kumar’s find on May 1.



Comments

Post a Comment

Popular posts from this blog

How To Create A Wordlist On Termux?

-
Image
How to Creat a Wordlist? If you are doing a Brute Force attack then first you need to creat a Wordlist.  At first you need to know how to use Termux apk on Android. So see my previous writing on Termux.  So Bruteforce Attack is one of the well known attack. So first You need to download Termux Apk. Open Termux App. Use Command :  $ pip install nano Now : $nano You will get a interface as shown below! Now Write whatever you want on this page. Then Press : Ctrl+x Press  y Write file name like - password.txt(as this file will save as Text File) Then Press Enter You will get your Text File ready.  P.S. — Write file extension as .txt . Because we need a text file to to do Bruteforce Attack. Thank you
Read more

Truecaller data of 4.75 cr Indian users leaked on dark web: Report

-
Image
Truecaller data of 4.75 crore Indian users have been put on sale on the dark web for around ₹75,000, online intelligence firm Cyble reported. Truecaller however denied the report saying that there’s no breach on its database. The Truecaller data is from 2019 and the information available on the dark web has been categorised based on states, cities and carriers, Cyble said in a blog post. User information available includes phone number, carrier, name, gender, email address, Facebook ID and more. Cyble has also published the leaked details on its blog post. The security firm also suggested that this information trove will lead to scams, spams, and identity thefts. Truecaller on the other hand refutes the report and says that there’s no data breach as claimed by Cyble. “Thank you for bringing this to our attention. There has been no breach of our database and all our user information is secure. We take the privacy of our users and the integrity of our services extremely seriously and we
Read more

Carryminati's YouTube account hacked, hacker asks for bitcoin donations. Twitter has memes

-
Image
Carryminati's second YouTube account was hacked recently and the hackers asked for bitcoin donations. Twitter responded with memes. ot long ago, Twitter accounts of some of the most prominent people including Jeff Bezos, Elon Musk, Warren Buffet, Barack Obama, Joe Biden and Bill Gates were hacked. All these accounts tweeted out a similar bitcoin message asking people to donate through a particular URL. Now, one of the most famous Indian YouTuber Carryminati aka Ajey Nagar is going through the same ordeal. His YouTube channel Carryislive was hacked during the early hours of Saturday. He took to Twitter to ask for assistance from YouTube. Nagar tweeted, “@YouTubeIndia My channel Carryislive has been hacked, need immediate assistance (sic).” Twitter account of YouTube India was also quick to respond and they left a comment that read, “We're really sorry this happened. Mind following us so we can continue with next steps over DM (sic)?” Similar to the Twitter hack, Carryminati’s Yo
Read more