Hacker posts Facebook bug report on Zuckerberg’s wall

[Ramo_Hawk]

A Palestinian information system expert says he was forced to post a bug report on Mark Zuckerberg’s Facebook page after the social network’s security team failed to recognize that a critical vulnerability he found allows anyone to post on someone's wall.

The vulnerability, which was reported by a man calling himself ‘Khalil,’ allows any Facebook user to post anything on the walls of other users - even when those users are not included in their list of friends. He reported the vulnerability through Facebook’s security feedback page, which offered a minimum reward of US$500 for each real security bug report.

However, the social network’s security team failed to acknowledge the bug, even though Khalil enclosed a link to a post he made on the timeline of a random girl who studied at the same college as Facebook CEO Mark Zuckerberg.

“Sorry, this is not a bug,” Facebook’s security team said in response to Khalil’s second report, in which he offered to reproduce the discussed vulnerability on a test account of Facebook security expert.



After receiving the reply, Khalil claims he had no choice but to showcase the problem on Mark Zuckerberg’s wall.

Screenshots on his blog show that Khalil shared details of the exploit, as well as his disappointing experience with the security team, on the Facebook founder’s wall.



 Just minutes after the post, Khalil says he received a response from a Facebook engineer requesting all the details about the vulnerability. His account was blocked while the security team rushed to close the loophole.

After receiving the third bug report, a Facebook security engineer finally admitted the vulnerability but said that Khalil won’t be paid for reporting it because his actions violated the website’s security terms of service.

Although Facebook’s White Hat security feedback program sets no reward cap for the most “severe” and “creative” bugs, it sets a number of rules that security analysts should follow in order to be eligible for a cash reward. Facebook did not specify which of the rules Khalil had broken.

Somewhere between the second and third vulnerability reports, Khalil also recorded a video of himself reproducing the bug.

facebook exploit august 2013 ثغرة موقع الفيس بوك

In its latest reply, Facebook reinstated Khalil’s account and expressed hope that he will continue to work with Facebook to find more vulnerabilities.

Source: Hacker posts Facebook bug report on Zuckerberg’s wall

[PulseEffect]

My god, how did I not see this!!1! I could abuse it on my troll friends.

[[WS]Jacob]

You want to keep a guy like him on your side Facebook, otherwise he could turn against you and that's not good.

[Vector]

OMG cool

[Bundy]

After receiving the third bug report, a Facebook security engineer finally admitted the vulnerability but said that Khalil won’t be paid for reporting it because his name is Khalil instead of John.*

Corrected a small typo.

[Mikal]

Who is Mark Zuckerberg?

[Eps_Smalls]

Who is Mark Zuckerberg?

The facebook creator

[Mikal]

The facebook creator

Don't use Facebook.

[Eps_Smalls]

Don't use Facebook.

Fuck facebook,in the face.Sorry for the off topic but I gotta say this :
People in my country got their mind fucked by facebook,they waste all their time in that shitty timewaster.I closed my facebook account 1 week after I created it,people kept begging for 'photo likes' and comments...Seriously people...stop putting your self down for a fucking fake 'like'.Facebook sucks.

[Marcel]

The arrogance which Facebook displayed during this is symbol of their downfall soon to come.

[Zaila]

After receiving the third bug report, a Facebook security engineer finally admitted the vulnerability but said that Khalil won’t be paid for reporting it because his actions violated the website’s security terms of service.

LOL.... Stupid idiots. If they would have listened in the first place, he wouldn't have done it. It was just a good thing he did so they finally would aknowledge that bug.

[Mikal]

f**k facebook,in the face.Sorry for the off topic but I gotta say this :
People in my country got their mind f**ked by facebook,they waste all their time in that shitty timewaster.I closed my facebook account 1 week after I created it,people kept begging for 'photo likes' and comments...Seriously people...stop putting your self down for a f**king fake 'like'.Facebook sucks.

Facebook does suck.

[[WS]Jacob]

LOL.... Stupid idiots. If they would have listened in the first place, he wouldn't have done it. It was just a good thing he did so they finally would aknowledge that bug.

It's funny how they will listen when it directly involves their employees or the CEO himself but not normal users.

[Mikal]

It's funny how they will listen when it directly involves their employees or the CEO himself but not normal users.

The only reason they listened, is because they guy broke their terms and conditions, and no longer had to pay him. :P

[Salmonella]

LOL.... Stupid idiots.

Language please. . .