News

Hacker Demonstrates Facebook Exploit On Mark Zuckerberg's Wall

| 19 Aug 2013 20:30
Mark Zuckerbergs Facebook page

A Palestinian "white hat" hacker decided to make his point by posting on Mark Zuckerberg's wall after Facebook ignored his warnings about a vulnerability in the system.

Khalil Shreateh, a technical sort of fellow from Yatta, Hebron, recently discovered a vulnerability in Facebook that allowed him to post to anyone's wall, even if it was set to private. He reported the issue through Facebook's "Whitehat" system, which offers a minimum reward of $500 for such discoveries, along with a link to a message he'd written on the wall of Sarah Goodin, a woman who attended the same college as Facebook founder Mark Zuckerberg.

Unfortunately, Facebook security told him that the link he provided resulted in an error, so he resubmitted, explaining why the error occurred and also stating that he might post a message on Zuckerberg's wall to get his point across. After his second submission, Facebook said simply that what he was reporting was not a bug, so he did as he'd warned and posted a message detailing the exploit, along with his report to Facebook security (and its dismissive reponse), on Zuckerberg's wall.

Very shortly after the message went up, Shreateh was contacted by a Facebook engineer seeking more information about the exploit; soon after that, his account was disabled. When he filed yet another report asking why, he was told it had been shut down "as a precaution."

"When we discovered your activity we did not fully know what was happening. Unfortunately your report to our Whitehat system did not have enough technical information for us to take action on it," a security engineer said in a message. "We cannot respond to reports which do not contain enough detail to allow us to reproduce an issue. When you submit reports in the future, we ask you to please include enough detail to repeat your actions."

His account has since been re-enabled but sadly, despite clearly finding a bug, Shreateh won't be getting any reward. "We are unfortunately not able to pay you for this vulnerability because your actions violated our Terms of Service," Facebook told him. "We do hope, however, that you continue to work with us to find vulnerabilities in the site."

Source: Khalil, via Gizmodo

RELATED CONTENT
Comments on