Every now and then we get to read amazing stories!
Reginaldo Silva nicely explains how he discovered a potential remote code execution bug on Facebook servers. Unbelievable!
Very well written: http://www.ubercomp.com/posts/2014-01-16_facebook_remote_code_execution
Two hours ago Facebook's security team released their side of the story - not less amazing. They awarded Reginaldo the biggest bug bounty payout since the program exists. You all know I quite dislike Facebook, but they responded so fast, it's hard to believe! two thumbs up.