Bug Reporter Denied his Award after Reporting a Bug that could let you post on Zuckerberg's Wall

R

readermaniax

Ambassador of Buzz
*1.bp.blogspot.com/-gSKafdOk0cQ/UhIXZHkUq6I/AAAAAAAAAzg/3g6Yi8YjmpA/s640/facebook_2_1.jpg


*1.bp.blogspot.com/-7kwgyPs_UJY/UhIYCwOizyI/AAAAAAAAAzw/djbwgY8d1Zs/s200/Ashampoo_Snap_2013.08.12_02h52m42s_001_.jpgKhalil Shreateh, a self-professed IT expert from Palestine tried reporting a bug to Facebook which could let you post to anyone's
wall even if you aren't on their friends list. He stated that he first tested the bug on Sarah Goodins and then he reported the Bug through the Facebooks Whitehat Disclosure Service. Facebook ignored it on the grounds saying that it wasn't a bug even after attaching a screenshot of the post in an e-mail to a Facebook engineer' Emrakul until Kahlil posted on Zuckerberg's wall.

*4.bp.blogspot.com/-nDzHNRx_tc0/UhIXhLUbfvI/AAAAAAAAAzo/lXRbqUlSAlY/s640/zuckpost.jpg
A screenshot of Khalil's Post on Zukerbergs wall.

Few minutes after the posting he got a comment on his picture from a Security Engineer Ola Okelola at Facebook asking him to send details of the Bug and was then taken seriously. Facebook banned his profile on the grounds of security and refused to give him the $500 award for reporting the bug. They said he breached the Terms of Service code of Facebook.


*4.bp.blogspot.com/-7C-x1mycH_M/UhIYP14aw3I/AAAAAAAAAz4/EOXLDofTZ2o/s320/Ashampoo_Snap_2013.08.15_12h58m56s_006_.jpg

If Facebook treats the people who report bugs like these why would they ever warn Facebookabout it and instead release it public which could earn them so much more. There could be discussions that Khalil's bad use of English made the people at Facebook take him less seriously at first but then, he did put his point across and that's what matters.

A detailed post could be read at Khalil's Blog. Via Gizolo
 
Saahib

Saahib

Cyborg Agent
Interesting but I remember once a $20K reward was given to find some bug / security hole to a person. May be he was just unlucky. :)
 
lywyre

lywyre

Cyborg Agent
I am not surprised or shocked. But facebook would not bother about this.
They are rolling like a blind juggernaut and someday - hmmm I can only wish - they are going to get :owned:
 
Hrishi

Hrishi

******************
When the Owner get's Owned.!!!
Btw , did you noticed his DP ?? I think it resembles Edward Snowden.
 
Last edited:
rosemolr

rosemolr

Journeyman
Actually i don't find a reason for facebook for not giving out 500$ for this chap...In fact they do encourage people who are finding flaws and bugs..But here the point is that there was a communication gap between the white hat hacker and facebook security team.Apparantly he also posted to Zuckeberg's account too...They might have got embarrassed after getting this and showcased his activity as a violation of terms and conditions! Not to mention this is somewhat a punch in the face of Zuckerberg!!!!
 
S

Santa Maria!

Journeyman
If I understand right, after a communication gap, he broke the terms & conditions by using another person's account to exploit/demonstrate a bug.
 
rosemolr

rosemolr

Journeyman
Of course it is worth more than 500$...On the darker side,I think their security team have underestimated the potential of this vulnerability.

It is just a matter of time to create an automated cross site script to attack the entire users in facebook and start spamming.The reality is that one doesn't need to be a friend to post on the victim's wall,which pretty much open FB's security door wide open to attackers...Not to mention if the vulnerability was revealed before it reached the right hand zuckerberg would have face big time in blocking punches from all over the places!!!

Anyways...This palestenian chap have become a celebrity among white hat hackers...C'mon it is a big deal to find a flaw in a close to perfect social networking site.

For the record,I still remember the days when orkut was take down by brazillian hackers with "bom Sabado" worm..even my account was affected and right away i ditched orkut too.
 
Last edited:
rosemolr

rosemolr

Journeyman
lywyre said:
I am not sure if you are serious or sarcastic :confused:
Click to expand...

Like i said, Close to perfect.

I know that they do have bugs and Facebook for Android is the crappiest app I'm using on a daily basis.

Just in case if you are quoting Google + on your defense:

Google + is good but seriously i cant find difference between my membership in my Local Gym and Google + account!!!

I know i have account in both these places but i never used to visit these places.
 
lywyre

lywyre

Cyborg Agent
rosemolr said:
Just in case if you are quoting Google + on your defense:
Click to expand...

Nope. I ain't defending and why should I? I am only critical of Facebook's privacy issues that are coming out every now and then. Yes, there are issues with other social networks too, but that doesn't take FB near perfection.

P.S: I have ids on both networks though I don't frequent them.
 
¶§Ç

¶§Ç

Broken In
There are only 2 websites are there in the world...

1. The One which is attacked by hackers
2. The Other One which is going to be Attacked By Hackers.

SO there is nothing Like Perfect Website... I used to called Perfect as a Perfect is S H I T
 
You must log in or register to reply here.
Top Bottom