One of the most important things for anyone keen on security is to keep up to date with what is going on... Hence I have a good collection of security-related RSS feeds. One post that caught my attention a couple of months ago was this one from Stephen Sclafani. In a nutshell, he was able to get a more than decent bounty of 20000$ by exploiting some old Facebook API that is the precursor of Facebook's OAuth implementation. Since I am a curious person, I decided to take a look at these old APIs just to see the evolution of security over time. I was not hoping to find anything interesting from the bounty point of view, since Stephen had found them all (he even did a second blog post collecting another 20000$!!). Well, indeed I was right to some extent. I haven't found anything interesting from the security point of view (strictly speaking); nevertheless, I was able to find a minor security issue (information disclosure) that got rewarded by Facebook with a bounty... :)