Facebook Twitter Google+ Shout YouTube SoundCloud RSS

Zuckerberg’s Facebook page hacked by unemployed web developer

21st Century Wire says…

Are Facebook that tight-fisted when it comes to rewarding the white hat crowd?

They ignored Khalil Shreateh after he warned them without breaking Privacy, and then when he proved there was a bug he gets the corporate gas-face. Not even a case of beer? 

Not cool Facebook.

If we were in charge of the social network, we would’ve hired him on the spot…

Caitlin Dewey
Washington Post

An unemployed Palestinian developer named Khalil Shreateh tried several times to report a bug to Facebook’s security team. When no one got back to him, he took the (dubiously) logical next step: exploited the bug to leave a public comment on Facebook CEO Mark Zuckerberg’s wall.

“First sorry for breaking your privacy and post to your wall,” an apparent screenshot of the hack reads. “I has [sic] no other choice to make after all the reports i sent to Facebook team.”

The break-in, detailed on Shreateh’s blog (and in several agitated posts from Facebook developers on Hacker News), has been more than a little embarrassing for Facebook.

But it’s not exactly newsworthy that Shreateh found a bug — that happens all the time. In fact, Facebook runs a program that encourages white hat hackers to find and report bugs in Facebook infrastructure in exchange for a cash reward. What is unusual is that Facebook didn’t respond to Shreateh’s initial reports about the bug, and that Shreateh then exploited it in violation of Facebook’s policies for white hat hackers.

“The more important issue here is with how the bug was demonstrated using the accounts of real people without their permission,” insisted Matt Jones, a Facebook software engineer, on the forum Hacker News. “Exploiting bugs to impact real users is not acceptable behavior for a white hat.”

So why didn’t Facebook respond right away to Shreateh’s reports? Judging by the e-mail threads with Facebook’s security team that Shreateh posted on his blog, it looks like his bug was lost — literally — in translation. Shreateh’s English is a little shaky, and the Facebook developer he corresponded with doesn’t seem to understand the report…

Read more

21wire

21wire

We are a North American and European-based, grass-roots, independent blog offering geopolitical news and media analysis, working with an array of volunteer contributors who write and help to analyse news and opinion from around the world.
21wire

@21WIRE

Independent Journalist covering news & analysis you won't find on CNN, BBC et al - for those who no longer buy the lies of Mainstream Media... #SundayWire
RT @VanessaBeeley: ANTIFA: Self-Appointed Radical Revolutionaries or Neoliberal Thought Police? https://t.co/XODCJF93Qo via @21WIRE - 1 hour ago
21wire