CEO Mark Zuckerberg’s Facebook Wall hacked by Jill 2013/08/19 11:49
Aug 19, 2013, 10.32AM IST
Khalil, a Palestinian
white hat hacker, submitted bug reports to Facebook about
a vulnerability that allowed him to post on anyone's wall. But
Facebook's security team didn't do anything.
So Khalil wrote on Mark Zuckerberg's wall about it and was generally a badass.
Khalil explains on his blog that he submitted a full description of the bug, plus follow-up proof of its existence to the Facebook
security feedback page, where researchers can win rewards of at least *500 for finding
significant vulnerabilities. Then
he submitted again.
The second time he got an e-mail back that said, "I am sorry this is not a bug."
When he posted on
Zuckerberg's wall, Khalil said, "First sorry for breaking your
privacy and post to your wall , i has no other choice to make
after all the reports i sent to Facebook team ." He then detailed the situation and provided links.
Within minutes, a Facebook engineer contacted Khalil for
more information and then blocked his account "as a precaution" while a security team fixed the bug. Later his
account was re-enabled. But Facebook says that he cannot
claim a reward for the find because in hacking Zuck's wall
he violated Facebook's terms of
service. They commented that,
"exploiting bugs to impact real users is not acceptable behavior for a white hat. In this case, the
researcher used the bug he discovered to post on the timelines of multiple users
without their consent."
Facebook admits, though, that its team should have been more diligent in following up on
Khalil's submission. So. Cool. Problem solved.
(source : times of india)
Aug 19, 2013, 10.32AM IST
Khalil, a Palestinian
white hat hacker, submitted bug reports to Facebook about
a vulnerability that allowed him to post on anyone's wall. But
Facebook's security team didn't do anything.
So Khalil wrote on Mark Zuckerberg's wall about it and was generally a badass.
Khalil explains on his blog that he submitted a full description of the bug, plus follow-up proof of its existence to the Facebook
security feedback page, where researchers can win rewards of at least *500 for finding
significant vulnerabilities. Then
he submitted again.
The second time he got an e-mail back that said, "I am sorry this is not a bug."
When he posted on
Zuckerberg's wall, Khalil said, "First sorry for breaking your
privacy and post to your wall , i has no other choice to make
after all the reports i sent to Facebook team ." He then detailed the situation and provided links.
Within minutes, a Facebook engineer contacted Khalil for
more information and then blocked his account "as a precaution" while a security team fixed the bug. Later his
account was re-enabled. But Facebook says that he cannot
claim a reward for the find because in hacking Zuck's wall
he violated Facebook's terms of
service. They commented that,
"exploiting bugs to impact real users is not acceptable behavior for a white hat. In this case, the
researcher used the bug he discovered to post on the timelines of multiple users
without their consent."
Facebook admits, though, that its team should have been more diligent in following up on
Khalil's submission. So. Cool. Problem solved.
(source : times of india)
#69 Phones/PCs/Apps
For phones, computing, consoles, gadgets, & internet talk, plus share apps & other files.