
Hacking Facebook’s Corporate Network for Fun and Profit - ssclafani
http://stephensclafani.com/2012/07/31/hacking-facebooks-corporate-network-for-fun-and-profit/
======
tectonic
That's a pretty serious hole indeed. Good find!

Is the title a reference to
[http://blog.andrewcantino.com/blog/2011/12/14/hacking-google...](http://blog.andrewcantino.com/blog/2011/12/14/hacking-google-for-fun-and-profit)
or a coincidence?

~~~
ssclafani
Thanks. Both titles are references to the paper _Smashing The Stack For Fun
And Profit_ by Aleph One. <http://insecure.org/stf/smashstack.html>

------
cluda01
Why don't more companies do this? It seems like a good way to outsource your
penetration testing at bargain basement prices.

Edit: Well, I would say in concert with your own internal penetration test,
not to replace it.

~~~
kayman
It requires a new way of thinking. Crowd sourcing your security and giving an
incentive for the person to report the security hole.

~~~
GFKjunior
Here is a German? site that does crowd-sourced pen-testing. I have no first-hand
experience but most testers seem to be from Eastern Europe.

<https://www.hatforce.com/>

------
pavel_lishin
I wonder what the deadline is. How much time can pass between me finding a
vulnerability and me reporting it before I'm labeled an evil black-hat,
instead of a bug-reporting penetration tester?

------
darien
Sounds like this guy had bad timing -
[http://www.pcworld.com/businesscenter/article/229396/uk_man_...](http://www.pcworld.com/businesscenter/article/229396/uk_man_arrested_on_facebook_hacking_charges.html)

