Wednesday, October 28, 2020

Facebook pays Rs 23.8 lakh to Indian security researcher for bug alert

The Indian Telegraph, https://theindiantelegraph.com.au/
Established in 2007, The Indian Telegraph is a multi award winning digital media company based in Australia.

It is raining bug bounties for Indian ethical hackers and cybersecurity researchers as now, an Ahmedabad-based security researcher Bipin Jitiya has won Rs 23.8 lakh ($31,500) from Facebook for identifying a bug in its social networking platform and a third-party business intelligence portal.


Jitiya, 26, identified an internal blind Server-Side Request Forgery (SSRF) vulnerability in the source code of a publicly accessible endpoint, built using MicroStrategy tools, that performed custom data collection and content generation.

Ahmedabad-based security researcher Bipin Jitiya

MicroStrategy has partnered with Facebook on data analytics projects for several years. Jitiya reported the bug to MicroStrategy’s security team, who acknowledged it and said the issue has been mitigated.

“I have always aimed at finding bugs in Facebook because it is the biggest social network on Earth with best-in-class security features in place. This time, they have awarded me with $31,500 for finding a critical bug. I have identified bugs in their systems in the past too,” Jitiya told IANS on Monday.

In a Server-Side Request Forgery (SSRF) attack, the attacker can abuse functionality on the server to read or update internal resources. In typical SSRF attacks, the attacker might cause the server to make a connection back to itself, or to other web-based services within the organization’s infrastructure, or to external third-party systems.

“I created a scenario that shows how the sensitive information leakage may be useful for launching specific attacks like path traversal and Server Side Request Forgery (SSRF). If an attacker is able to learn the internal IP addresses of the network, it is much easier for him/her to target systems in the internal network,” explained Jitiya.
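The defensive side of the SSRF class described above, as an added example that is not code from the article, Facebook or MicroStrategy: before a server fetches a user-supplied URL, it should refuse any target that is, or resolves to, an internal address (loopback, private ranges, link-local such as cloud metadata endpoints). The `resolver` parameter and the hostnames used are assumptions so the check can be exercised offline.

```python
import ipaddress
import socket
from typing import Callable, Iterable, List
from urllib.parse import urlsplit

# Added example (not from the article or from MicroStrategy/Facebook): a check a
# server-side fetcher can apply to a user-controlled URL before opening it.
ALLOWED_SCHEMES = {"http", "https"}


def _is_internal(ip) -> bool:
    """True for any address a server-side fetch must never reach: loopback,
    RFC 1918 / ULA private space, link-local (incl. 169.254.169.254 metadata),
    unspecified (0.0.0.0 / ::), multicast and reserved blocks."""
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped:
        ip = ip.ipv4_mapped  # ::ffff:10.0.0.1 is really 10.0.0.1
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_unspecified or ip.is_multicast or ip.is_reserved)


def _default_resolver(host: str) -> List[str]:
    """Resolve a name to every A/AAAA record (a name may mix public and private)."""
    infos = socket.getaddrinfo(host, None, type=socket.SOCK_STREAM)
    return [info[4][0] for info in infos]


def is_safe_target(url: str,
                   resolver: Callable[[str], Iterable[str]] = _default_resolver) -> bool:
    """Return True only if every address the URL can reach is public."""
    try:
        parts = urlsplit(url)
    except ValueError:  # e.g. malformed IPv6 literal
        return False
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.hostname:
        return False
    if parts.username or parts.password:  # "http://trusted@evil/" style confusion
        return False
    host = parts.hostname
    try:
        addrs = [ipaddress.ip_address(host)]  # literal IP in the URL
    except ValueError:
        try:
            addrs = [ipaddress.ip_address(a) for a in resolver(host)]
        except (socket.gaierror, ValueError, OSError):
            return False
    if not addrs:
        return False
    return not any(_is_internal(ip) for ip in addrs)
```

The check must be re-applied to the address actually connected to and to every redirect target, since a name can change its answer between validation and use.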

The bug has now been fixed.

“When I first got this bug on Facebook server I tried to convert it to RCE (remote code execution) but, unfortunately, they implemented good security measures. However, I made a total of $31500 ($1,000 + $30,000 + $500) from this vulnerability,” he informed.

On a question whether he would join Facebook cybersecurity research team if given an offer, Jitiya told TIT: “I would like to stay in India and work as a security researcher for Indian firms. I am not a bug bounty hacker”.

Last month, a 27-year-old Indian security researcher Bhavuk Jain grabbed $100,000 (over Rs 75.5 lakh) from Apple for discovering a now-patched Zero Day vulnerability in the Sign in with Apple account authentication.

The Zero Day vulnerability could have allowed a hacker to break into the account of an Apple user who logs into third-party apps like Dropbox, Spotify, Airbnb and Giphy (now acquired by Facebook), among others.

“Indian ethical hackers and security researchers have come of age, and are now creating headlines the world over with their unmatched skills,” said Jitiya.
