Teenager finds bugs in Google, Facebook, Apple, Microsoft code

Published: 03 February 2012
When he's not at school, 15-year-old Cim Stordal spends his time playing the Team Fortress video game, shooting his Airsoft pellet gun, and working in a fish shop in Bergen, Norway. But his real passion is finding bugs in software used by millions of people on the Internet.

Stordal has made the Google Security Hall of Fame, been credited with disclosing a cross-site scripting bug to Apple, been thanked by Microsoft for disclosing a vulnerability to the company, and received an elite White Hat Visa card from Facebook with $500 credit on it.

"I got a card for a self-persistent XSS [cross-site scripting flaw] at Facebook, and a nonpersistent XSS at Google, Microsoft, and Apple," he said in a recent Skype interview with CNET. (As a "self-persistent" issue, the bug Stordal disclosed was not exploitable by a third party because it required a user to take an action to be at risk, according to Facebook.)

"I just look around at the site and find out where I can input HTML and stuff and it's not filtered in the source code. Often they filter some characters but forget some or they totally forget that input," he said. "What an attacker wants is often the cookie, which can be used to log in as the user."

Stordal says that, of the sites he poked around in, Apple was the easiest to find a flaw in. "I found the Facebook [hole] after four days and the Google one after three, but Apple took me only five minutes" to find two XSS flaws, he said. (Apple representatives did not respond to a request seeking comment.)


Cim Stordal shows off the White Hat Visa card he received for disclosing a vulnerability to Facebook.
(Credit: Cim Stordal)

The companies appreciate his efforts, particularly because he tells them before going public with any of the details. "Everyone was happy about it and fixed the flaws kind of fast."

Stordal started looking for vulnerabilities in software when he was 14 years old. "I have always loved being on the PC and I already was programming some C++," he said. "So I wanted to do something new and I searched around and learned Basic."

His friends are impressed with his skills and lean on him to help keep their Web sites secure. His parents aren't really sure what to make of his research.

"They think it's kind of cool, I guess, as they don't understand what I do," he said. "But they also don't want me to stay on the computer all day."

His next move is looking for vulnerabilities on mobile devices. He's trying to set up a fuzzer (automated software testing tool) on his iPhone 3GS.

- news.cnet.com
