Facebook doubles advertising bug bounty

The social media giant has doubled reward levels for developers who point out flaws in the firm's advertising code.

credit cnet
Credit: CNET

Facebook has doubled rewards for developers who discover flaws in the firm's advertising systems.

The bounty has risen in order to encourage white hat hackers to report security vulnerabilities to the company, following a security audit conducted by Facebook. The social network giant found and fixed a number of security bugs through the audit, but would "like to encourage additional scrutiny from Whitehats to see what we might have missed."

Bugs discovered within the audit included redeeming ad coupons multiple times without expiry, retrieving the name of an unpublished Page via the Ads Create Flow by guessing its Page ID, and a cross-site request forgery (CSRF) bug that allowed the injection of javascript into ads report emails — which in turn forced victims to send malicious emails on your behalf.

In a blog post, security engineer Collin Greene said the pay-out levels will last until the end of the year.

Read this

Six clicks: Top social media management iOS, Android apps and services

Lacking Twitter followers or not reaching customers over Facebook? These apps can make your life easier.

Read More

"Since the vast majority of bug reports we work on with the Whitehat community are focused on the more common parts of Facebook code, we hope to encourage researchers to become more familiar with the surface area of ads to better protect the businesses that use them," Greene writes.

Facebook's advertising system comprises of a UI containing both new and old Ad Manager tools, a JavaScript-based Power Editor tool that supports bulk ad edits and uploads, Ads API, analytics and the backend code — which Facebook says isn't directly reachable via the website, but "of the small number of issues that have been found in these areas, they are relatively high-impact."

Approximately $3 million has been paid out in bug bounty rewards to date.

In related news, Facebook launched a new tool this week dubbed " Safety Check ." The new Facebook feature allows users to check in and say they are safe should a natural disaster occur.

Read on: In the world of security