<html>
<p>&nbsp;</p>
<p><img src="http://gainesvillescene.com/wp-content/uploads/2014/02/url1.jpeg"/>An anonymous reader shares an article on The Register: A bug bounty hunter compromises a Facebook staff server through a sloppy file-sharing webapp — and finds someone’s already beaten him to it by backdooring the machine. The pseudo-anonymous penetration tester Orange Tsai, who works for Taiwan-based outfit Devcore, banked $10,000 from Facebook in February for successfully drilling into the vulnerable system. According to Tsai, he or she stumbled across malware installed by someone else that was stealing usernames and passwords of FB employees who logged into the machine. The login credentials were siphoned off to an outside computer. According to Facebook security engineer Reginaldo Silva, the password-slurping malware was installed by another security researcher who had earlier poked around within Facebook’s system in an attempt to snag a bug bounty.&nbsp;</p>
<p>originally posted at:&nbsp;</p>
<p>http://hostgators.website/039-i-hacked-facebook-and-found-someone-had-beaten-me-to-it-039/</p>
</html>