Facebook to Expand Bug Bounty Program

The program now covers third-party websites and applications
19 September 2018

Facebook announced an expansion of its bug bounty program to cover bugs related to the fraudulent use of access tokens.

When logging in to an application via Facebook, the user receives a unique access token. If it falls into an attacker's hands, the token can be used within the permissions set by its owner.

The program now covers third-party sites and applications, namely:

  • Instagram;
  • Internet.org / Free Basics;
  • Oculus;
  • Onavo;
  • Open Source platform (based on Facebook);
  • WhatsApp.

Facebook developers updated the terms of service to include the main criteria for submitting a bug report. The chief one is that the report must contain a clear proof demonstrating how tokens can be obtained. Reports can be submitted by contacting Facebook security.

The Facebook team is ready to pay $500 for a vulnerability found in an application or on a site, provided the report is compiled correctly. Reports will be accepted only if the user found the bug through passive viewing of information and did not use it in any way for their own purposes.

The company also published a list of issues to which this program does not apply:

  • spam and social engineering techniques;
  • denial of service attacks;
  • content injection, if the risk is not proven;
  • security vulnerabilities in third-party applications and on third-party sites integrated with Facebook (including most of the pages on apps.facebook.com);
  • execution of scripts on sandbox domains (for example, fbrell.com or fbsbx.com).

To improve security and the speed of fixing problems, Facebook developers have created a tool called SapFix, which automatically generates and applies patches. The tool is based on artificial intelligence, which independently finds errors in the design and proposes fixes.

KDevelop IDE 5.3 to be Released

Version 5.3 fully supports KDE 5 development, including with the Clang compiler
15 November 2018

An update of the KDevelop integrated development environment has been released. Version 5.3 fully supports KDE 5 development, including with the Clang compiler. The project uses the KDE Frameworks 5 and Qt 5 libraries.

Key improvements and new features:

Improved C++ support:

A lot of work was done on stabilizing and improving our clang-based C++ language support. Notable fixes include:

  • Clang: include tooltips: fix range check. 
  • Allow overriding the path to the builtin clang compiler headers.
  • Always use the clang builtin headers for the libclang version we use.
  • Group completion requests and only handle the last one. 
  • Fix Template (Class/Function) Signatures in Clang Code Completion. 
  • Workaround: find declarations for constructor argument hints. 
  • Clang: Improve argument hint code completion. 

Improved PHP language support:

  • Much improved support for PHP Namespaces
  • Added support for Generators and Generator delegation
  • Updated and expanded the integrated documentation of PHP internals
  • Added support for PHP 7's context sensitive lexer
  • Install the parser as a library so it can be used by other projects (currently, umbrello can use it) 
  • Improved type detection of object properties
  • Added support for the object typehint
  • Better support for ClassNameReferences (instanceof)
  • Expression syntax support improvements, particularly around 'print'
  • Allow optional function parameters before non-optional ones 
  • Added support for magic constants __DIR__ and __TRAIT__

Improved Python language support:

The developers have been concentrating on bug fixes, which have already been added to the 5.2 series.

There are a couple of improved features in 5.3:

  • Inject environment profile variables into debug process environment.
  • Improve support for 'with' statements.