Facebook Offers A Bug Bounty

Facebook is about to get a little safer with the social networking site’s announcement that it will offer a bounty to independent researchers for any bugs they uncover, to the tune of $500 a pop (or potentially more, if you bag an especially prized bug).

To receive a bounty, you have to agree to certain terms and meet specific criteria. For starters, you have to assent to the Reasonable Disclosure Policy, which states that:

If you give us a reasonable time to respond to your report before making any information public and make a good faith effort to avoid privacy violations, destruction of data and interruption or degradation of our service during your research, we will not bring any lawsuit against you or ask law enforcement to investigate you.

Fair enough. Further, you have to be the first to report a given bug, and the flaw you report must be one that affects private user data. Facebook’s Security Bug Bounty page gives cross-site scripting, cross-site request forgery, and remote code injection as specific examples of bounty-worthy fare.

The Information For Security Researchers page promises to investigate any legitimate reports.

Unfortunately for many Facebook users, there will be no bounty for flaws exposed in the legions of third-party Facebook applications, nor any Websites that simply link to Facebook. Thus, your finger must still waver hesitantly over the mouse button every time you’re about to grant a third-party access to your account.

And of course, social engineering scams will still proliferate unabated, so users must remain vigilant on that front. (Eg., If your dear old aunt posts some video that promises nudity or something especially gross, she’s been hacked. Do her a favor and tell her to change her password.)

Share and Enjoy

Firefighters may soon face social networking restrictions – WSBT

SOUTH BEND — Whether on or off the job, soon South Bend firefighters will not be allowed to Facebook, tweet, or blog anything relating to their job.

About two years ago, a firefighter posted a picture to Facebook while responding to a call. That picture violated HIPAA laws.

The South Bend fire chief said they’re now taking precaution with a new social media policy, saying it’s better to be safe than sorry.

But the union said this new rule might spark a fiery debate.

“All we’re asking is don’t put anything with the South Bend Fire Department on your Facebook,” said Chief Howard Buchanon.

For some firefighters, a new policy is putting out the flame on their social networking capabilities.

The South Bend Board of Public Safety approved a handful of new rules in July — one specifically says, “Firefighters shall not, unless granted permission by the fire chief, identify themselves in any way as South Bend Fire Department employees on internet sites.”

“We’re just trying to be proactive and stay ahead of the game, to keep all the firefighters from not getting in any trouble, not only with the fire department, but saying things they shouldn’t be saying,” Buchanon said.

But the union fired back saying there are too many gray areas to move forward with the new rule:

“For instance, I am sure the chief did not intend that simply filling out a product registration form would subject a firefighter to discipline,” said Todd Skwarcan, vice president of IAFF Local 362. “However under the current wording that is what could happen if a firefighter shares his profession because the change demands strict secrecy as to our place of employment on any internet site…protecting the privacy of our coworkers and the public we serve is of the utmost importance. Finding a written policy that does that is the hard part, and several of these proposals go too far.”

“The trend around the country is certainly for public safety employees to have some sort of policy that tells them what is OK or not ok to put on their social networking sites,” said Chief John Vance from Clay Fire.

Vance said his department’s social media restrictions aren’t as strict as South Bend’s, but he understands their need to control content on the web.

“People do expect more out of public safety personnel in particular and we want them to hold that high standard,” Vance said.

The new policy takes effect on September 1 for all South Bend firefighters.

But the unions said it won’t take effect until they sit down with the fire chief to better understand what’s at stake.

WSBT spoke with Mishawaka and Elkhart — they both said they haven’t felt the need to enforce social media rules to this extreme just yet.

 

Share and Enjoy