“VKontakte” paid $700 developer, reported a serious vulnerability in the social network
15.05.2015 apleapplekot 0 Comments
Russian developer Camille Khismatullin found an error code that allowed attackers to take any personal photos of “Vkontakte” users, including hidden in the correspondence. In gratitude, the service administration transferred him $700.
About the interesting experience of salvation social networking Camille said in his blog. The developer maintains an electronic diary in English, thus, of the discoveries, including that known to a wide audience in the world. The programmer found that hackers could get direct links to image, including hidden in private messages. He personally tested the scheme of “stealing pictures” – wrote software code that for a certain period of time monitored the vulnerability, and then he got direct links to the wrong image.
“I was able to get all your photos uploaded yesterday, during the day, quoted KP Camille Khismatullina. – Did it, literally, one minute. As for your weekly archive downloaded in seven minutes! 20 minutes could collect photos uploaded during the month and year the data was archived in just two hours.”
Camille Khismatullin not the first time explores the different systems in the network. This time the choice fell on “Vkontakte”. The administration of the social network has blocked the vulnerability, therefore, to profit from other people’s images does not work.
About the bad protection of personal information online has always said. And everyone knows – paged if something in the web, then you can safely forget about his incognito status. But guess that can steal information from personal messages, not everyone could imagine. However, this happened – and quite often, apparently.
On error Camille pointed out to the management of “Vkontakte” and received for their work remuneration – about 700 dollars or 10 thousand votes (the currency of social networking).