We often hear stories of how a hacker breaks into a business’s web site, and the company then ends up hiring said hacker as some sort of adviser to prevent future attacks. For some reason, we doubt Facebook is going to hire Khalil Shreateh after he hacked Mark Zuckerberg’s wall to prove the security flaws.
Earlier this month, the researcher discovered a bug that allowed him to post on any user’s Facebook wall regardless of privacy settings. He also tested the vulnerability on Sarah Goodin, one of Zuckerberg’s friends. After he reported the bug to Facebook, the company’s security engineer known as Emrakul did very little to assist, replying only in one-sentence responses. “I don't see anything once I click link except an error,” read one email. “I am sorry this is not a bug.”
Frustrated, Shreateh felt he had one alternative: to prove his point on Zuck’s wall, hoping that by reporting to the CEO directly, someone would address the security flaw. “First sorry for breaking your privacy and post to your wall, i has no other choice to make after all the reports i sent to Facebook team,” Shreateh wrote, before providing descriptions and links to the issue. As if the matter wasn't comic enough, Shreateh’s profile photo is a picture of Edward Snowden.
Shortly after the post, another Facebook engineer named Ola Okelola contacted Shreateh for more details. As a result, Shreateh’s Facebook account was temporarily disabled as a “precaution,” and Okelola explained to Shreateh that his report did not contain enough technical information for the team to take action. Facebook also said it cannot pay Shreateh a reward since he exploited the vulnerability, thereby violating the site’s terms of service.