21st Century Wire says…
Are Facebook that tight-fisted when it comes to rewarding the white hat crowd?
They ignored Khalil Shreateh after he warned them without breaking privacy, and then when he proved there was a bug he got the corporate gas-face. Not even a case of beer?
Not cool Facebook.
If we were in charge of the social network, we would’ve hired him on the spot…
An unemployed Palestinian developer named Khalil Shreateh tried several times to report a bug to Facebook’s security team. When no one got back to him, he took the (dubiously) logical next step: exploited the bug to leave a public comment on Facebook CEO Mark Zuckerberg’s wall.
“First sorry for breaking your privacy and post to your wall,” an apparent screenshot of the hack reads. “I has [sic] no other choice to make after all the reports i sent to Facebook team.”
But it’s not exactly newsworthy that Shreateh found a bug — that happens all the time. In fact, Facebook runs a program that encourages white hat hackers to find and report bugs in Facebook infrastructure in exchange for a cash reward. What is unusual is that Facebook didn’t respond to Shreateh’s initial reports about the bug, and that Shreateh then exploited it in violation of Facebook’s policies for white hat hackers.
“The more important issue here is with how the bug was demonstrated using the accounts of real people without their permission,” insisted Matt Jones, a Facebook software engineer, on the forum Hacker News. “Exploiting bugs to impact real users is not acceptable behavior for a white hat.”
So why didn’t Facebook respond right away to Shreateh’s reports? Judging by the e-mail threads with Facebook’s security team that Shreateh posted on his blog, it looks like his bug was lost — literally — in translation. Shreateh’s English is a little shaky, and the Facebook developer he corresponded with doesn’t seem to understand the report…