World Bulletin/News Desk
A Palestinian hacker has been rewarded by internet users across the world for exposing a Facebook security flaw.
“Days ago I discovered a serious Facebook vulnerability that allows a Facebook user to post to all Facebook users timeline even they are not in his friend list,” Khalil Shreateh wrote on his blog.
Shreateh attempted to inform Facebook’s security team by email about the flaw but was turned down the first time after he had only sent in a link with no other details to prove the flaw he had found. The link was found broken by the security team and Shreateh was informed. Shreateh continued to explain the flaw to Facebook but was greeted by an email from security stating, “I am sorry this is not a bug.”
The unemployed Palestinian researcher had also previously informed Facebook he was able to post on Mark Zuckerberg’s page if he wanted to, “I can post to Mark wall either but I will not cause I do respect people privacy..” Shreateh said in an email to Facebook.
Shreateh then exploited the security flaw and posted on Mark Zuckerberg’s wall, “Couple days ago I discovered a serious Facebook exploit that allows users to post to other Facebook users timeline while they are not in friend list,” Shreateh wrote after apologizing for exploiting the security flaw.
“I report that exploit twice, first time I got a replay (reply) that my link has an error while opening, other replay (reply) I got was “sorry this is not a bug”. Both reports I sent from www.facebook.com/whitehat, and as you see iam (I’m) not in your friend list and yet I can post to your timeline,” Shreateh detailed on his post on Zuckerberg’s timeline.
Facebook then in reaction to the hack disabled Shreateh’s account but then re-enabled once they had discovered what had really happened. However, Facebook denied payment for the reporting of the flaw in an email to Shreateh, “We are unfortunately not able to pay you for this vulnerability because your actions violated our Terms of Service.”
Shreateh did receive payment elsewhere from internet users worldwide, a fundraising campaign on website GoFundMe has raised $11,976 from 240 donators in 2 days. The money will be passed on to Khalil Shreateh.Güncelleme Tarihi: 22 Ağustos 2013, 14:37