Guest User

Facebook Security

a guest
Jul 25th, 2013
1,643
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. Emrakul from Facebook Security contacted me asking if Facebook can contact the author of a news article and have him change the reward amount from $1,500 to $15,000. I responded by saying that the reward that I was given for this exploit was $1,500. 9 days later I got a response claiming that it was a mistake.
  2.  
  3. The email that was sent, came from the same Facebook Email Address assigned for this bug report.
  4.  
  5. Facebook (July 16th):
  6. ------------------------
  7. Hi Dan,
  8.  
  9. Is it okay if we reach out to the author of http://www.csoonline.com/article/736490/facebook-fixes-critical-flaw-cites-as-example-of-bounty-s-success and let him know the amount was $15,000?
  10.  
  11. Thanks,
  12.  
  13. Emrakul
  14. Security
  15. Facebook
  16. -------------------------
  17.  
  18. Me (July 16th):
  19. -------------------------
  20. When the vulnerability was patched, I was told by the Facebook security team that the reward was $1,500 and that was the amount that I received in my debit card.
  21.  
  22. I wrote about the reward on my twitter feed
  23. https://twitter.com/thedanmelamed
  24.  
  25. And this news site also mentioned the amount
  26. http://grahamcluley.com/2013/07/facebook-vulnerability/
  27. -------------------------
  28.  
  29. Facebook (July 25th):
  30. -------------------------
  31. Hi Dan,
  32.  
  33. Haha once again this is the most confusing issue of all time for some reason. Sorry I had this confused with a different issue. I hope you send in more issues and someday soon we can pay you 15k however!
  34.  
  35. Thanks,
  36.  
  37. Emrakul
  38. Security
  39. Facebook
  40. -------------------------
RAW Paste Data