Moscow, January 27. Expert on cyber security, a Russian citizen Andrei Leonov who has received from the social network Facebook and 40 thousand dollars for a discovered vulnerability, said, for which he received a fee.
Leonov, whom the media called Russia's "hacker", emphasizes that it is not because is on the side of "white". He works independently, and the search for vulnerabilities is just a hobby.
Leonov noticed the fact that the functionality "to share the news on Facebook" used as the title image taken from third party servers. However, neither Facebook nor ImageMagick is not checked whether the file format is a JPEG image or something else.
"Seeing this, I could not verify the issue is that some service, in this case Facebook, is processing, he believes, a picture, which I can manage and whose contents can change," — said Leonov.
This vulnerability has the highest rating as classified by the international security consortium OWASP.
Special danger it represents if the computer has access to the user database, the expert explained. Upon discovering the vulnerability, it contacted Facebook technical support, and the error was corrected in November 2016, writes .
aerospace forces of the Russian Federation is planning to replace all its fleet of light fighters to the latest MiG-35.