Mark Zuckerberg's Facebook page hacked to expose bug
Posted on 08/20/2013 5:20:04 AM PDT by themoneytimes
Apparently, nothing can show up on your Facebook Wall unless posted by you or your friends, but a Palestinian security researcher and hacker, Khalil Shreateh, just proved this wrong!
On detecting a privacy bug that allowed anyone to post something on a non-friend's Timeline, Shreateh reported the flaw to Facebook's security team, but they didn't take his warnings seriously.
After Shreateh failed to evoke a positive response, the Palestinian hacked into and posted a message on CEO Mark Zuckerberg's page last week to expose the glitch and prove a point.
"First, sorry for breaking your privacy and post(ing) to your wall, I (had) no other choice to make after all the reports I sent to (the) Facebook team," Shreateh wrote on Zuckerberg's wall.
Initial attempts rebuffed
In the hope of collecting the traditional $500 bounty that Facebook offers to those who voluntarily report such glitches rather than sell them on the black market, Shreateh reported the bug to the security team.
He had written to Facebook security saying, "My name is Khalil Shreateh. I finished school with B.A degree in Information Systems . I would like to report a bug in your main site (www.facebook.com) which i discovered it...The bug allow Facebook users to share links to other facebook users , I tested it on Sarah.Goodin wall and I got success post."
His attempts were initially rebuffed, but when Shreateh hacked Facebook founder Mark Zuckerberg's page and posted a YouTube video to establish the social network's vulnerability, he finally caught their attention.
The security team contacted Shreateh immediately and asked for details on how he did it. Once they understood the bug they acted quickly and fixed the flaw on Thursday.
Facebook software engineer Matthew Jones attributes the site's slow response to the language barrier and the volume of reports the site receives. However, he concedes that the company should have asked for more information.
Matt Jones stated, "Unfortunately, all he submitted was a link to the post he'd already made (on a real account whose consent he did not have) ... saying that 'the bug allow facebook users to share links to other facebook users,' For background, as a few other commenters have pointed out, we get hundreds of reports every day. Many of our best reports come from people whose English isn't great -- though this can be challenging, it's something we work with just fine and we have paid out over $1 million to hundreds of reporters."
Violated the terms of service
Unfortunately, the 30-year-old Palestinian was not paid the $500+ fee for exposing the security hole because he violated the Terms of Service by using the accounts of users without their permission. However, the stunt has been hailed and the researcher has been offered a number of jobs.
A crack in the evil?
That totally validates my reason for disengaging from FB!
YEARS ago, I was on FB and joined a “Bass Players Club”.
I was immediately “Friended” by a Jazz Bass Player in Egypt. He played Stand-Up Bass, American Style Jazz, and we began a lively discussion of what it was like playing Jazz in Egypt.
The next week my “Wall” was inundated with MB training and propaganda videos, and Anti-Israel garbage from Hamas. I was so horrified that I totally closed the account and will NEVER, EVER re-up, no matter what the temptation.
Some “friends”, who only communicated with me through FB, have been lost forever, but they must not have been real “friends” to begin with.
I have since joined FR, and THAT’S where my REAL FRiends are!
If JimRob had some marketing sense he could be a billionaire too
Come’on JR - FR is too important to go begging each quarter
You DO NOT have to sell your soul to make money, and we like capitalism around here.
He should have created a second account and posted to himself that way
That said, Facebook are morons for not parting with a measly $500 for finding such a serious flaw.
It will discourage others from reporting flaws.
Zuckerberg is a cheap bastard....the guy does him and his company a favor and they can’t spring for a lousy $500 reward because he “violated the terms of service” bulls**t. In order to find ANY holes in security a person must by definition violate those terms.
The next hacker won’t be so kind......instead the next flaw will be sold/publicized and an effort made to profit from it outside of the FB morons’ control.
It must run in the company. His CFO just cleared $100M in stock transactions and hired interns at a foundation at ZERO salary! Public pressure humiliated her and she relented...probably paying them with free FB accounts.
You know it, worth millions and they stiff someone who helps them out of $500. What jerks.
Oh well. The Zuckster says snotty nosed, wet behind the ears in life kids are smarter...
We LOVE Capitalism...but let’s call it what it is...”FREE ENTERPRISE”. The Term “Capitalism” is a term with negative connotations because it was popularized by Karl Marx and is a loaded, propaganda word.
That being said, I DO understand why FR does not take advertising. Back in the early days of TV, writers had to be very circumspect in their story lines and dialogue so as “not to offend the SPONSOR”. Rush Limbaugh lost a lot of advertising during the Fluke-up on his program.
Those who love FR will continue to support it, because we treasure the First Amendment as much as we Treasure Free Enterprise.