The Facebook hacker who caught a Facebook hacker

Source: National Cyber Security – Produced By Gregory Evans

Here’s a fascinating story about a hacker who caught a hacker. (We’re using the word hacker in a legally non-committal sense here: someone with technical skills who finds ways to do things with a computer system that weren’t supposed to happen.) We don’t know who the first hacker is, but the second, who caught out the first, goes by Orange Tsai, and works as a penetration tester at Devcore, a boutique security consultancy in Taipei. Facebook was the victim of both hacks, but is surprisingly relaxed about it. Facebook considers both hackers to be researchers who participate in the company’s bounty program; indeed, Orange was awarded $10,000 for the discovery described here. We recommend that you read Orange’s own report, because it gives a very clear account of how a penetration tester (and, for that matter, a cybercrook) goes about researching, exploring and exploiting security holes in a network. What happened? The quick version is that Orange went looking for unusually-named Facebook servers, and soon found one called VPN is short for Virtual Private Network, which is, in this context, a secure gateway into TFBNW, short for The FaceBook NetWork. That server sounds like a great place to start […]

The post The Facebook hacker who caught a Facebook hacker appeared first on National Cyber Security.

View full post on National Cyber Security