Leeds, 5th July 2012: Security management and compliance company RandomStorm has been listed among the Facebook whitehats after alerting the social networking site to coding flaws that could impact users’ security.
The Facebook whitehat listing is the latest in a string of acknowledgements for RandomStorm’s voluntary research and reporting of vulnerabilities. By alerting website owners, researchers enable them to address security weaknesses before malicious individuals can exploit them to deface the site, hack web servers, or steal customer information.
Under the responsible disclosure programme, RandomStorm security researcher, Avram Marius Gabriel (Twitter @SecurityShell), tested the Facebook site and mobile application and reported several vulnerabilities that he discovered. This private disclosure allowed Facebook sufficient time to fix the vulnerabilities before they were exploited, to ensure that users were not adversely affected.
Avram has also been listed on the eBay Responsible Disclosure Acknowledgement Page, is named among the Twitter White Hats, and is also named in the Microsoft Security Response Centre and the latest Google Hall of Fame.
Praising Avram’s dedication, Andrew Mason, Technical Director and co-founder of RandomStorm, commented, “RandomStorm security engineers regularly spend their spare time testing popular online applications and reporting any vulnerabilities to site owners so that they can make them safer for their users. Security is a passion not a nine to five job and our engineers have demonstrated this time and time again. We are delighted to have been acknowledged for helping to secure the top five websites used by the public today.”
RandomStorm provides vulnerability scanning and intrusion detection services to help public and private sector companies to improve their security posture and comply with industry guidelines and data protection regulations. The company is a CESG CHECK security consultancy and certified as both an Approved Scanning Vendor and Qualified Security Assessor by the Payment Card Industry Security Standards Council.
About RandomStorm
RandomStorm is a UK-based network security company, focused on providing enterprise-level, proactive security management tools and services. The company's core products include: xStorm, an online perimeter vulnerability scanning service; iStorm, a network security appliance that provides in-depth scanning of the entire corporate network topology; StormProbe, an intrusion detection solution (IDS) with intelligent event correlation that alerts companies when critical assets are at risk; and AirStorm, a cloud or appliance-based IDS to protect corporate wireless infrastructure.
These core products are supported by a range of complementary monitoring, alerting and remediation services developed under the RandomStorm Open Source Initiative.
RandomStorm is a CESG CHECK security consultancy and both an Approved Scanning Vendor and a Qualified Security Assessor for the Payment Card Industry Data Security Standard (PCI DSS).