Saturday, Nov 27, 2021
Outlook.com

Facebook pays Rs 23.8 lakh to Indian security researcher for bug alert


New Delhi, June 8 (IANS) It is raining bug bounties for Indian ethical hackers and cybersecurity researchers: Ahmedabad-based security researcher Bipin Jitiya has now won Rs 23.8 lakh ($31,500) from Facebook for identifying a bug in its social networking platform and a third-party business intelligence portal.

Jitiya, 26, identified the web security vulnerability, an internal blind Server-Side Request Forgery (SSRF), in the source code of a publicly accessible endpoint, built using tools from MicroStrategy, that performed custom data collection and content generation.

MicroStrategy has partnered with Facebook on data analytics projects for several years. Jitiya reported the bug to MicroStrategy's security team, who acknowledged it, saying the issue has been mitigated.

"I have always aimed in finding bugs in Facebook because it is the biggest social network on Earth with best-in-class security features in place. This time, they have awarded me with $31,500 for finding a critical bug. I have identified bugs in their systems in the past too," Jitiya told IANS on Monday.

In a Server-Side Request Forgery (SSRF) attack, the attacker can abuse functionality on the server to read or update internal resources. In typical SSRF attacks, the attacker might cause the server to make a connection back to itself, or to other web-based services within the organization's infrastructure, or to external third-party systems.

"I created a scenario that shows how the sensitive information leakage may be useful for launching specific attacks like path traversal and Server Side Request Forgery (SSRF). If an attacker is able to learn the internal IP addresses of the network, it is much easier for him/her to target systems in the internal network," explained Jitiya.

The bug has now been fixed.

"When I first got this bug on Facebook server I tried to convert it to RCE (remote code execution) but, unfortunately, they implemented good security measures. However, I made a total of $31500 ($1,000 + $30,000 + $500) from this vulnerability," he informed.

Asked whether he would join Facebook's cybersecurity research team if given an offer, Jitiya told IANS: "I would like to stay in India and work as a security researcher for Indian firms. I am not a bug bounty hacker."

Last month, a 27-year-old Indian security researcher Bhavuk Jain grabbed $100,000 (over Rs 75.5 lakh) from Apple for discovering a now-patched Zero Day vulnerability in the Sign in with Apple account authentication.

The Zero Day vulnerability could have allowed a hacker to break into the accounts of Apple users who log into third-party apps like Dropbox, Spotify, Airbnb and Giphy (now acquired by Facebook) and more.

"Indian ethical hackers and security researchers have come of age, and are now creating headlines the world over with their unmatched skills," said Jitiya.

--IANS


Disclaimer :- This story has not been edited by Outlook staff and is auto-generated from news agency feeds. Source: IANS
