Facebook to Expand Bug Bounty Program

The program now covers third-party websites and applications
19 September 2018

Facebook has announced the expansion of its bug bounty program to cover bugs related to the fraudulent use of access tokens.

When a user logs in to an application via Facebook, the user receives a unique access token. If such a token falls into an attacker's hands, it can be used within the permissions set by its owner.

The program now covers third-party sites and applications, namely:

  • Instagram;
  • Internet.org / Free Basics;
  • Oculus;
  • Onavo;
  • Open Source platform (based on Facebook);
  • WhatsApp.

Facebook's developers updated the terms of service to include the main criteria for submitting a bug report. The main one is that the report must include a clear proof demonstrating how the tokens can be obtained. Reports can be submitted by contacting Facebook security.

The Facebook team is ready to pay $500 for a vulnerability found in an application or on a site, provided the report is compiled correctly. Reports will be accepted only if the user found the bug by passively viewing information and did not use it in any way for their own purposes.

The company also published a list of issues that the program does not cover:

  • spam and social engineering techniques;
  • denial of service attacks;
  • content injection where the risk is not proven;
  • security vulnerabilities in third-party applications and on third-party sites integrated with Facebook (including most of the pages on apps.facebook.com);
  • execution of scripts on sandbox domains (for example, fbrell.com or fbsbx.com).

To improve security and the speed of fixing problems, Facebook's developers have created a tool called SapFix, which automatically generates and implements patches. The tool is based on artificial intelligence, which independently finds errors in the design and proposes fixes.

LineageOS Team to Report on Project Updates

Since March, the number of devices with builds provided by the project that replaced CyanogenMod has increased to 36
03 July 2019

The developers of the LineageOS project, which replaced CyanogenMod after Cyanogen Inc abandoned it, have published a report on the development of the LineageOS 16 branch, which is based on the Android 9 platform. Since March, the number of devices for which the project provides builds has increased to 36. Recent changes include:

  • AOSP’s Night Display now controls night mode (on recent devices only, such as those with a Snapdragon 820 or more recent)
  • LiveDisplay remains available for all its other features
  • The volume panel can now be expanded to control all the various volume streams
  • The volume panel can now be optionally relocated to the left
  • Expanded quick settings are back
  • Detailed views for the following tiles are available: Wi-Fi, Bluetooth, Mobile Data, Location, Profiles
  • New default wallpaper and a new wallpapers app with many new, and old, wallpapers
  • Other than the usual nature, urban and abstract themed wallpapers, monochromatic and gradient wallpapers are now available
  • Privacy Guard now supports apps in the Work Profile
  • It’s possible to add up to two LockScreen shortcuts again
  • Circle battery is back after being missing since LineageOS 13.0
  • Notification ringtone level can be unlinked from phone calls ringtone level
  • GPS battery saving mode can now be enabled from the Settings
  • Vim has been updated to version 8.1
  • Nano has been updated to version 4.2
  • Fixed an issue where using certain private DNS caused devices to crash, thanks to a backported fix from Q
  • Support for bluetooth SBC DualChannel HD has been added (both 15.1 and 16.0)
  • Performance improvements for Eleven (music player app) (both 15.1 and 16.0)
  • Updated call recording configurations (both 15.1 and 16.0)

Additionally, the developers note that LineageOS 15.1 builds have been discontinued for Google Nexus 4, Asus Zenfone Max Pro M1, Nvidia Shield Tablet, Samsung Galaxy S9, Samsung Galaxy S9+ and ZTE Axon 7.

Get more info at the official website.