Forum Thread: Ethical hacking

Hey! Couple quick noob questions. I'd like to know: in order to find bugs or vulnerabilities in sites like Facebook and Google, do I need to get permission first, or can I just start finding vulnerabilities and report them when I find them? And do I need to stay anonymous while finding vulnerabilities, because I am going to report them if found? Do I need to hide my identity? Thanks

3 Responses

If user A is accessing Facebook using the mobile site: here, he needs to make a post.

The user A will go to the profile of user B. For example, User A will go to m.facebook.com/b

Then user A will post the URL of user C (for example, "facebook.com/c") to B's profile as a post via the mobile site.

Here, the magic happens. The post will automatically disappear, as neither user A nor B will be able to see the post containing a link to a profile that has been blocked by B. But if B doesn't block C, then the post will appear on user B's Timeline.

It is generally considered ethical to obtain permission before attempting to find vulnerabilities in a website or application. This is known as "ethical hacking" or "white hat hacking." Many companies, including Facebook and Google, have a "bug bounty" program where they offer rewards to security researchers who responsibly disclose vulnerabilities they find.

As for anonymity, it is not strictly necessary to hide your identity when reporting vulnerabilities, but some security researchers prefer to do so in order to avoid any potential legal or professional repercussions. Ultimately, it's up to the individual researcher to decide whether or not to remain anonymous.

Great questions! When it comes to finding vulnerabilities or bugs in websites, it is always recommended that you obtain permission from the website owners first. Attempting to find vulnerabilities without permission could be considered illegal and could lead to criminal charges.

Many companies, including Facebook and Google, have their own Bug Bounty programs that encourage researchers to identify and report vulnerabilities in their systems. These programs offer rewards for finding and reporting bugs, but they also come with clear guidelines and rules for ethical hacking.

To participate in these programs, you will need to register and agree to the program rules, which typically include requirements to avoid disrupting the normal functioning of the system, not disclosing any information about the vulnerability until it has been resolved, and reporting the vulnerability in a responsible and ethical manner.

As for staying anonymous while finding vulnerabilities, it is always a good idea to take steps to protect your identity and privacy when participating in Bug Bounty programs or any other security research. This can include using a pseudonym or alias, creating separate email accounts and using a VPN to protect your online identity. However, you should also be prepared to identify yourself to the company or organization once you have found a vulnerability that you wish to report.
