collin Profile
collin

@libber

Followers
2K
Following
7K
Media
8
Statuses
342

Joined September 2007
@libber
collin
7 months
An excellent writeup of what makes data "sensitive" and what that means for security and privacy https://t.co/CRBjakuYhT
0
0
0
@libber
collin
9 months
The differences between performing privacy and security work in a big company for my fellow computer security people. https://t.co/xdQRy9ExwB I'm still newer to privacy work so this is my "most likely to be wrong" writeup, feedback welcome
0
0
5
@libber
collin
1 year
Compliance is different from security:
1
1
12
@libber
collin
3 years
Thoughts on how to maximize success as an infosec team that needs to roll out changes people may not like - https://t.co/QKQzulqfBv
0
3
22
@libber
collin
3 years
Shift left in 60 seconds - https://t.co/Mwo4TdVoYK I've had success with shift left as a central strategy of infosec teams for the last n years and attempted a tl;dr of it without marketing fluff
0
1
11
@libber
collin
3 years
3/ Our goal with these is to celebrate bug hunting and share our lessons with the larger security community. This is our 1st Bug Bulletin and we welcome feedback on how we can make it more useful and informative
1
0
13
@libber
collin
3 years
2/ Our first report includes cool bugs found by our Red Team X, Bug Bounty team and ProdSec. I’m excited to see our teams’ work out there and shared with the security community. I am also happy to see cool work by our #BugBounty researchers shared cc @samm0uda @phwd_
2
0
16
@libber
collin
3 years
1/ We just published our first Bug Bulletin, the spot where we aim to share cool bugs we found in our own and external code, and how we found them https://t.co/prMglhDCof 🧵
engineering.fb.com
Our inaugural Bug Bulletin report
4
79
332
@libber
collin
4 years
Infosec celebrated at a college football game, a first? @nudehaberdasher where is the cruise+pitt collab? :)
@DistributedDave
Dave Levin
4 years
So the coolest thing happened today. @UofMaryland invited my students Kevin Bock, Kyle Hurley, and me onto the field for winning the @USENIXSecurity / Facebook Internet Defense Prize!
1
2
14
@libber
collin
4 years
Outages won't stop Facebook awarding money to good security work, here are this year's 3 winners of the Internet Defense Prize:
0
3
20
@GrahamBleaney
Graham Bleaney
4 years
I'll be presenting "Teaching an old dog new tricks: Reusing security tools in novel domains" at #Enigma2022 in Santa Clara, February 1–3, 2022. It provides case studies of how security tools like Pysa have been used in non-security applications at Facebook https://t.co/xZF7TAVwmg
1
1
7
@libber
collin
4 years
Open sourcing our 3rd and most recent homegrown static analysis, this time for mobile/java:
0
13
42
@libber
collin
4 years
Two folks on the Facebook product security team are presenting on our language-spanning security static analysis work. https://t.co/IxTZgtBQCi We are always hiring, SEA, MPK, NYC, LON:
0
2
19
@libber
collin
5 years
Be well @dakami, RIP. One of the purest humans I've ever met. You embodied the best of [hacking, curiosity, fellowship]. The Vista pentest summer was one of the best of my life. Even as you mercilessly crushed us at Street Fighter 2, literally one-handed https://t.co/FzObrUG5gz
@dakami
Dan Kaminsky
6 years
This thread is absolutely a love letter to everything I’ve treasured, being an Infosec nerd. A *lot* of people were kinder than they had to be. I’m proud to say I did everything I knew to return the favor, and not ashamed to admit I didn’t always know how. But I can document :)
0
2
26
@GrahamBleaney
Graham Bleaney
5 years
For those attending @pycon (it's too late to sign up!), check out the talk @the_st0rm and I are giving on the myriad of APIs that can enable remote code execution in Python: https://t.co/4MHuxktC12 These examples were originally compiled as a part of our work on Pysa.
1
7
16
@libber
collin
5 years
https://t.co/BYACUhsStv A decade of Facebook bug bounty. 130,000 reports, 6,900 valid, 11.7 million paid out. An incredible team of folks leads this program now - it started in a basement and with us taking weekly trips to Western Union to send money orders to fulfill bounties.
wired.com
The vulnerability was found through the company's bug bounty program, now in its tenth year.
0
7
42
@libber
collin
5 years
Two improvements to the Facebook bug bounty: HackerPlus, our loyalty program (https://t.co/JNgBh82uXb), and Facebook Bug Description Language (FBDL, https://t.co/ImpUKGfZp5), a way to represent the repro of a bug for ease of understanding and increased payouts.
facebook.com
Making bug triage faster and simpler: rolling out Facebook’s Bug Description Language By Steve Gao, Application Security Engineer The initial triage of security bugs we receive through our Bug...
0
24
100
@libber
collin
5 years
Sometimes we find bugs in code that isn't ours; now (following the P0 playbook) we have a pathway to disclose them
zdnet.com
Companies have 21 days to acknowledge reports and 90 days to patch vulnerabilities; otherwise, Facebook will go public with bug details.
1
6
40
@libber
collin
5 years
Hack an Oculus headset, or a Portal, at Pwn2Own this year. Win cash, prizes, glory.
Looking forward to this event and our participation with our devices for a 2nd consecutive year! Hack on, #Pwn2Own!
0
0
6