Hacker News

Technically he used the 1st bug to enter their systems and then escalate access through other security holes or bugs.

That's not likely to be accepted by default by most companies. I would assume a default "do not escalate access" unless explicitly asked for.



While I can see why that's the case - if a surface breach is patched, any other flaws that could be exploited won't be accessible to an attacker.

On the other hand, software is built in layers. If there's an "inside" breach, i.e. I can get from an inner layer to a deeper layer, I would want to know about it.

Facebook were idiots to structure their policy this way.



