by jonson 4681 days ago
In my opinion, I think they should compensate him. They said he violated their terms... Their terms on the whitehat page are not even localised for other languages. Too bad.
2 comments

In his first message, he demonstrates that his bug exists by showing that he exploited somebody else's account. This is obviously never the way to make a bug report. Heck, it's probably even illegal. You shouldn't need to read a site's terms and conditions to know that doing this will be breaking them. It's an expensive lesson. Hopefully it will lead to him being more sensible in future. I have no sympathy.
Denying bounty to a hacker on some bullshit "Terms of Service" violation excuse defeats the whole purpose of the bounty program.

Next time a hacker will just sell the exploit to somebody else, cash upfront, and won't bother reporting.

It's not "bullshit Terms of Service" - Facebook clearly lays out the terms of the Whitehat program.

There was no bait and switch - it's very explicitly stated that he should not be exploiting the vulnerability, and that it needs to be clearly explained.

I respect that he found a vulnerability, but he still needs to adhere to a website's terms and conditions. If the security team he reports a bug to doesn't "get it" the first time he should try again, not publicize it on Hacker News and attract negative publicity by putting it on Mark Zuckerberg's wall.

It's not "bullshit Terms of Service", it's "bullshit excuse". There is a difference.
You originally said bullshit TOS, which is why I quoted that. It's not a bullshit excuse for all the reasons I already mentioned.
Replace:

"Next time a hacker will just sell the exploit to somebody else, cash upfront, and won't bother reporting."

With:

"Next time a hacker will make sure they follow the Terms of Service when reporting"

For a much more likely scenario.

He also gave no technical information at all. He gave more info on his education than the bug he found.
It's a cultural thing. This should signal most likely some form of competency and credibility upfront.
While the instructions to report bugs on the whitehat page are not localized, the terms Facebook is referring to (https://www.facebook.com/legal/terms) are.