Hacker posts Facebook bug report on Zuckerberg’s wall

Discussion in 'The Bar' started by dawg, Aug 17, 2013.

  1. dawg

    dawg In The Dog House Staff Member

    Reputations:
    540,047
    Joined:
    Aug 19, 2010
    Messages:
    119,425
    Likes Received:
    90,636

    A Palestinian information system expert says he was forced to post a bug report on Mark Zuckerberg’s Facebook page after the social network’s security team failed to recognize that a critical vulnerability he found allows anyone to post on someone's wall.
    The vulnerability, which was reported by a man calling himself ‘Khalil,’ allows any Facebook user to post anything on the walls of other users - even when those users are not included in their list of friends. He reported the vulnerability through Facebook’s security feedback page, which offered a minimum reward of US$500 for each real security bug report.

    However, the social network’s security team failed to acknowledge the bug, even though Khalil enclosed a link to a post he made on the timeline of a random girl who studied at the same college as Facebook CEO Mark Zuckerberg.
    “Sorry, this is not a bug,” Facebook’s security team said in response to Khalil’s second report, in which he offered to reproduce the discussed vulnerability on a test account of a Facebook security expert.


    Just minutes after the post, Khalil says he received a response from a Facebook engineer requesting all the details about the vulnerability. His account was blocked while the security team rushed to close the loophole.
    After receiving the third bug report, a Facebook security engineer finally admitted the vulnerability but said that Khalil won’t be paid for reporting it because his actions violated the website’s security terms of service.
    Although Facebook’s White Hat security feedback program sets no reward cap for the most “severe” and “creative” bugs, it sets a number of rules that security analysts should follow in order to be eligible for a cash reward. Facebook did not specify which of the rules Khalil had broken.
    Somewhere between the second and third vulnerability reports, Khalil also recorded a video of himself reproducing the bug.

    Video: http://www.youtube.com/watch?v=F9J8U9ZpEnw

    In its latest reply, Facebook reinstated Khalil’s account and expressed hope that he will continue to work with Facebook to find more vulnerabilities.

    http://rt.com/news/facebook-post-exploit-hacker-zuckerberg-621/
     
  2. DarkFriday

    DarkFriday Fired as a MOD...Twice. Gold

    Reputations:
    717,964
    Joined:
    Jul 6, 2011
    Messages:
    172,001
    Likes Received:
    87,119
  3. Schmoopy

    Schmoopy Shit Mult Hunter

    Reputations:
    216,454
    Joined:
    Aug 25, 2010
    Messages:
    211,015
    Likes Received:
    33,726
    Not reading. :lol:
     
  4. DrivenByDemons

    DrivenByDemons Spinoff Jesus Staff Member

    Reputations:
    259,523
    Joined:
    Sep 16, 2010
    Messages:
    70,109
    Likes Received:
    41,863
    Happens all the time. The white hat guys try to do the right thing and the big boys ignore them.
     
  5. zhukov

    zhukov Time traveler Gold

    Reputations:
    90,190
    Joined:
    Feb 6, 2011
    Messages:
    30,377
    Likes Received:
    9,909
    dicks
     
  6. acagirl98

    acagirl98 Well-Known Member

    Reputations:
    724
    Joined:
    Dec 7, 2010
    Messages:
    9,823
    Likes Received:
    34
    to save a measly $500 - I hate that fucking monster.
     
  7. harlock

    harlock ancora imparo Gold

    Reputations:
    75,023
    Joined:
    Jan 6, 2012
    Messages:
    33,560
    Likes Received:
    7,278
    too bad TLD didn't find the bug :(
     
  8. Double Blizz

    Double Blizz New Member Banned User

    Reputations:
    -28
    Joined:
    Dec 3, 2012
    Messages:
    30,014
    Likes Received:
    1
    Khalifa shoulda at least got a custom avatar outta the deal