Comment: It appears payback can be embarassing for Facebook after claiming Facebook refused to pay a bug bounty for his reported flaws affecting the Instagram iOS app
=================================================================================================
By Darren Pauli, 30 Jul 2014
London developer Stevie Graham has built an Instagram stealer dubbed Instasheep that can hijack accounts over public networks.
Graham (@stevegraham) published Instasheep - a play on the 2010 Facebook stealer Firesheep - after claiming Facebook refused to pay a bug bounty for his reported flaws affecting the Instagram iOS app.
Facebook was reportedly aware of the bug and was working on a fix by deploying HTTPS across its portfolio.
The dev found a session cookie passed back to the application could be stolen by attackers residing on the victim's network that would provide access to Instagram accounts.
The Register/ full read here/ http://www.theregister.co.uk/2014/07/30/instagrampopping_tool_born_after_facebook_denies_bug_bounty/
Be the first to reply!
Reply
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.