Now Playing
Mix 965 Tulsa
Last Song Played
Today's Best Music!
On Air
No Program
Now Playing
Mix 965 Tulsa
Last Song Played
Today's Best Music!

Posted: August 19, 2013

Hacker posts on Zuckerberg's Facebook wall

This Oct. 15, 2011 file photo shows Facebook CEO Mark Zuckerberg during a meeting in San Francisco.

By Evan Thomas

One IT expert took drastic measures to report a bug to Facebook’s security team.

A Palestine-based Facebook user, who goes by Khalil, says he discovered a bug through which someone can post to any other Facebook user’s wall, at any time. This bypasses any security restrictions the user has set up. (Via YouTube / SmartKhalil)

Khalil reported the bug through Facebook’s built-in white-hat security reporting tool. The company often distributes bounties for legitimate security concerns.

But on his website, Khalil posted an email conversation with Facebook’s security team, who repeatedly told him his find wasn’t a bug. (Via khalil-sh.blogspot.ru)

So Khalil went straight to the top. He used the very vulnerability he was trying to report to post an explanation on Mark Zuckerberg’s wall. (Via The Verge)

Very quickly after that, Facebook security got back in touch, requesting details on the hack. Khalil’s Facebook account was disabled in the meantime as a precaution.

RT reports Facebook eventually agreed this was an exploit that would need patching — but Khalil wouldn’t be compensated “because his actions violated the website’s security terms of service.”

“[Facebook] sets a number of rules that security analysts should follow in order to be eligible for a cash reward. Facebook did not specify which of the rules Khalil had broken.” (Via RT)

A member of Facebook’s security team posted on Hacker News to clarify — Facebook will only compensate white hats if they “make a good faith effort to avoid privacy violations.” Posting straight to the CEO’s wall is a disqualification.

So no payout for Khalil, but his account has been reinstated, and Facebook says it hopes he will continue to report security vulnerabilities through the appropriate channels. The cross-wall posting trick has been patched as of Thursday. 

See more at Newsy.com


There are no comments yet. Be the first to post your thoughts. or Register.