Anand Prakash, a security engineer in Bangalore, India, said in a blog post on his site that he could have hacked into any Facebook account through the forgot-password feature.
Normally, attackers use what is known as a brute-force attack, in which software guesses the password-reset code over and over until it finds the right one. However, other versions of the Facebook platform applied a "rate limit" to the code they send, which allows only a limited number of attempts to enter it.
Apparently, in the new version of Facebook, they forgot to add the "rate-limit" feature, which is what Anand Prakash discovered.
After reporting the bug to Facebook on February 22, he was rewarded with $15,000 by Facebook on March 2 for his troubles.