So my bud hacks facebook and gets offered a job

[SirChadwick]

http://mantup.com write-up

http://www.thefacebook.com is the site if you're not familiar

He's going out to SF Valley soon to interview. Why am I not surprised.

 

[MixMasterTang]

Originally posted by: SirChadwick
http://mantup.com write-up

http://www.thefacebook.com is the site if you're not familiar

He's going out to SF Valley soon to interview. Why am I not surprised.

You mean they are setting up a sting operation to throw his ass in jail?

 

[miniMUNCH]

sting op much?

Edit: Mixmaster beat me to it.

 

[swtethan]

i predict a "my friend just got arrested for hacking thread" .... "he called me from jail"

 

[SirChadwick]

I don't know the seriousness of what he did, but they didn't seem too worried about it.

We noticed you decided to exploit an XSS hole on our site that enabled you to load a custom css file. While this is very neat and basically harmless, the action you initiated to virally propagate the exploit had a bad side effect. Because you posted to contactinfo.php just the website field, you effectively blanked the other fields on the page for anyone who viewed your profile (cell phone, email, etc). We do not like to lose data, and neither do our users. In the future, if you find a security hole, please contact me directly, rather than just exposing it on the site.

 

[chuckywang]

Originally posted by: MixMasterTang

Originally posted by: SirChadwick
http://mantup.com write-up

http://www.thefacebook.com is the site if you're not familiar

He's going out to SF Valley soon to interview. Why am I not surprised.

You mean they are setting up a sting operation to throw his ass in jail?

Was he doing anything illegal?

 

[SirChadwick]

Originally posted by: swtethan
i predict a "my friend just got arrested for hacking thread" .... "he called me from jail"

LOL! Keep your eyes peeled.

 

[chuckywang]

BTW, what does he mean when he said the accounts were getting "infected"? Was he doing anything that affects other people's facebook accounts?

 

[Udel]

That was actually a good read. I don't think he will get in trouble for it honestly. The offer is probally legit.

 

[BrokenVisage]

Tell him to hack MySpace next.

 

[moshquerade]

Originally posted by: BrokenVisage
Tell him to hack MySpace next.

he wouldn't be the first

 

[Reel]

Some guys did that on myspace already. I wouldn't be surprised if your friend took the idea from there. XSS holes are way too prevalent in web applications. Most web applications I am paid to do a security assessment on suffer from this problem.

That was also how the avatar pictures were inserted on fusetalk a year or so ago. Lucky for AT, nobody was malicious with the code they inserted because they could have done some worse things with it.

 

[AdamSnow]

Probably legit... I've known for this to happen...

He will probably do quite well

 

[swtethan]

so what happened? i bet he's sitting in jail

 

[Syringer]

Originally posted by: BrokenVisage
Tell him to hack MySpace next.

That's why facebook is hiring, to eliminate their competition.