Security Researcher Posts to Zuckerberg’s Wall to Demonstrate Facebook Flaw
A security researcher posted information about a Facebook bug on CEO Mark Zuckerberg’s wall to prove the existence of a security flaw that allows people to post on someone’s wall without being on their friends list.
Khalil Shreateh had tried to report the bug to Facebook’s security team before he posted something to the wall of Sarah Goodin, a friend of Facebook CEO Mark Zuckerberg. Until then, however, he wasn’t taken seriously.
Shreateh then used the flaw to post a message on Zuckerberg’s wall and explained the flaw, which resulted in immediate action.
Within a few minutes he was contacted by the site’s security engineer for more details.
Facebook has a bounty program under which it pays people to report bugs; however, it didn’t pay the $500+ fee to Shreateh, as it claims that he violated the site’s terms of service. Facebook software engineer Matt Jones said that the “issue here is with how the bug was demonstrated using the accounts of real people without their permission. Exploiting bugs to impact real users is not acceptable behaviour for a white hat.”
However, the site has asked him to continue to help them find bugs.