Monday, 19 August 2013 19:47

Facebook Can’t Even Protect Zuckerberg’s Wall



Palestinian security researcher Khalil Shreateh attempted to inform Facebook of a security flaw. Shreateh contacted Facebook with a message stating, “My name is Khalil Shreateh. I finished school with a BA Degreen in Information Systems. I would like to report a bug in your main site (www.facebook.com) which I discovered it… The bug allow Facebook users to share links to others facebook users, I tested it on Sarah Goodin wall and I got success post (sic).” Facebook showed no interest, asked no follow-up questions and replied that this was not a bug, which led him to post a message directly on Mark Zuckerberg’s wall.

“First sorry for breaking your privacy and post to your wall, I had no other choice to make after all the reports I sent to Facebook team.”

Within an hour of his post on Zuckerberg’s wall his account was suspended, and Facebook’s security team contacted him asking for the full details.

Shreateh calls himself a good person and did not try to sell the exploit to spammers or scam artists. Facebook typically pays people for finding these loopholes in its system. However, in this case, because he broke Facebook’s terms of service by posting to an account he did not have consent to use, Facebook would not pay him anything for the information.

[Ed - The story is interesting in the fact that Shreateh tried on multiple occasions to report the bug to Facebook and they took no action. Anyone that has tried to get Facebook's security team to do anything about a hacked account or a spammer knows how difficult it is to get them to admit there is any issue at all. However, this is not just a problem with Facebook; far too many online services are unwilling to even admit they might have an issue with their servers, software or other processes. Instead they either claim there is no problem, or push it back on the user. Maybe next time Facebook will not be so quick to ignore someone reporting a bug and perhaps this incident will resonate out to other service providers...]


Last modified on Monday, 19 August 2013 19:50
