Hacker Timesnew | past | comments | ask | show | jobs | submitlogin

It's not "worth" $30,000; it's probably worth much less than that. The $30,000 has a much more powerful marketing function than it does intrinsic utility.

It's temporary access because you can trivially write a tool that goes through Facebook's audit logs to find out which accounts have likely been taken over using this tool, which is something Facebook would certainly do if there was evidence that people had been exploiting it at any kind of scale.

A big chunk of my last year has been in ATO detection and mitigation and I think you'd be surprised what kind of dumb stuff generates serious investigations from companies with far fewer security team resources than Facebook.



Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: