
    The Real McCoy: Russian Hacker Helps Protect Facebook From External Threats


    While US intelligence agencies continue to chase the phantoms of Russian hackers allegedly responsible for manipulating elections and generally being nasty people, real Russian IT experts help make the Internet a safer place and receive rewards and recognition for their efforts.

    Russian IT security expert Andrey Leonov was paid a record fee by Facebook after he helped the social network to expose and resolve a potentially harmful vulnerability.

    The grateful social network's management paid Leonov $40,000 for services rendered, as part of the Facebook bug bounty program.

    The vulnerability in ImageMagick, a package commonly used by web services to process images, was discovered by Leonov in October 2016 while he was working on an unrelated project and decided to investigate Facebook's content sharing mechanism for potential flaws like Server-Side Request Forgery (SSRF).

    It should be noted that the vulnerability in question, known to the netizens as ImageTragick, allows an attacker to potentially execute arbitrary code on servers that use the application to edit user-uploaded images. It was originally discovered in April 2016 and disclosed to the public the following month.

    However, for some reason Facebook was apparently unable to address the issue until Leonov reported it on October 16; the flaw was patched about three days after his tip.
