Facebook - Security researcher shares serious vulnerability with CEO
Facecrooks shares an interesting account of how a serious vulnerability reported by a security researcher was not initially seen as an important fix. To gain attention, the researcher made an unauthorized post on the CEO's main profile, which led to a quick acknowledgement of the issue.
QUOTE: Facebook’s White Hat program has awarded over $1 million to computer experts around the world for finding and reporting security flaws on the site. However, they ignored the reports of a Palestinian IT researcher last week, and he took an audacious step to get their attention.
The researcher, Khalil Shreateh, found a hack that allowed him to post on the walls of users with whom he wasn’t friends. This seemed like a major security breach to Shreateh, so he reported it to Facebook. However, the site responded by telling him that it wasn’t a bug. Instead of giving up, Shreateh took a bold step: he posted directly on the Facebook wall of Mark Zuckerberg to illustrate the error.
Within minutes, he says, he was contacted by a Facebook security official to fix the bug. However, he was not awarded money for his good deed because his actions violated the site’s Terms of Service. His profile was even temporarily suspended. “We are unfortunately not able to pay you for this vulnerability because your actions violated our Terms of Service. We do hope, however, that you continue to work with us to find vulnerabilities in the site,” the company told Shreateh in an email.