He's not wrong, you're just misunderstanding him. He's not saying there aren't "valuable" or "interesting" Facebook accounts. He's saying that there aren't enough Facebook accounts with immediate drop-in value to an existing and lucrative criminal enterprise to create a competitive market for Facebook bugs.
I would agree, being that I cannot immediately detail how these Facebook accounts might be useful, but any information is useful, especially credentials.
(Valuable != "immediate drop-in value")? So, he's saying the accounts aren't valuable, but they have value? The subtlety is lost on me...
The info might be useful to someone, but not to the people who are buying vulnerabilities on the black market.
Imagine going to a tech trade show and setting up a stand for your lumber business. What you're selling has value and is useful, just not to the people you're trying to sell it to.
Let's assume the position of a spammer or ~0-day blackhatter... access to the accounts of the most popular website in the world are not of interest? (You could post a URL and have millions of people click it because they trust the poster.)
Is that a retort or simply an unrelated observation?
Edit: My intent was to understand your perspective (and argue...), but this comment goes over my head, and it seems as though it was a thinly veiled insult.
What I'm understanding here is, that while it might be profitable to someone to have an exploit on hand that they can use, the actual work that goes into turning a profit from the exploit may be me costly enough that its not worth pursuing.
Not sure if you read Cryptonomicon, but there's a part there where Randy Waterhouse finds a crap load of gold in the middle of a jungle and then rationalizes that there's no easy way to get it out of there, making it worthless at that moment. That gold has value, but no liquidity.
This is a forum focused on the startup community. The difference between the merely-useful and the truly-marketable has been discussed ad nauseum on these pages, as that difference makes and breaks many startups.
But what can you really do with the Facebook login of, say Obama?
Not provoking WW3, that's for sure.
The only thing you can realistically create is a PR kerfuffle for Facebook, but considering the way to spread it would be (wait for it) on Facebook itself, there's not much money is this.
You simply log into the Bloomberg/AP/NYTimes account, post some fake economic or political news, and then call in some options you purchased the week before.
If done intelligently, this is incredibly difficult to trace. There is risk (rather than a straight-up sale), but the expected returns are probably an order of magnitude higher.
>You simply log into the Bloomberg/AP/NYTimes account, post some fake economic or political news, and then call in some options you purchased the week before.
It would likely be far cheaper and easier to execute something like this via social engineering than using an actual exploit. I'm reminded of the time Twitter user @m had his handle stolen because Apple gave up some personal info.
Given that there are likely 100s if not 1000s of FB users who may have access to Bloomberg/AP/NYTimes official page, figuring out in an automated fashion of who can be easily socially engineered isn't likely worth 15k.
That statement is just plain wrong. With over a billion Facebook users, surely some of them are high-value targets.