Mark Zuckerberg got his Facebook wall hacked today!

Mark Zuckerberg got his Facebook wall h*cked today, in a move that surprised and embarrassed the company today. Now if only somebody could do this to Google. Here is how the Telegraph reported it:

Khalil Shreateh, a systems information expert from Palestine, attempted to report the vulnerability to Facebook’s security team twice, demonstrating that the glitch was real by posting an Enrique Iglesias video on the wall of one of Zuckerberg’s college friends, Sarah Goodin, with whom he was not connected. However, Facebook dismissed his warnings, claiming that the issue “was not a bug”, as only Goodin’s friends were able to see the post on her wall.

Frustrated, Shreateh decided to use the glitch to h*ck into Mark Zuckerberg’s profile page. In a post which has since been removed, he apologised for breaking Zuckerberg’s privacy, adding: “I had no other choice… after all the reports I sent to Facebook team”.

In less than a minute, Shreateh’s Facebook account was suspended and he was contacted by a Facebook security engineer requesting all the details of the exploit. “Unfortunately your report to our Whitehat system did not have enough technical information for us to take action on it,” the engineer wrote in an email. “We cannot respond to reports which do not contain enough detail to allow us to reproduce an issue.”

Facebook has a policy that it will pay a minimum $500 bounty for any security flaws that a h*cker finds. However, the company has refused to pay Shreateh for discovering the vulnerability because his actions violated Facebook’s Terms of Service.

In a Hacker News thread, Matt Jones from Facebook’s security team confirmed that the bug has now been fixed, admitting that the company should have asked for more details after Shreateh’s initial report.

“We get hundreds of reports every day. Many of our best reports come from people whose English isn’t great – though this can be challenging, it’s something we work with just fine and we have paid out over $1 million to hundreds of reporters,” he said. “However, many of the reports we get are nonsense or misguided, and even those (if you enter a password then view-source, you can access the password! When you submit a password, it’s sent in the clear over HTTPS!) provide some modicum of reproduction instructions. We should have pushed back asking for more details here.”

Posted on: Thu, 22 Aug 2013 11:00:47 +0000
