After repeatedly reporting a bug to Facebook developers and
engineers and
failing to get a response, Khalil (a Palestinian white hacker) decided to demonstrate the security issue to Mark Zuckerberg; He posted on Zuckerberg’s facebook page to show how a user could post to all facebook users even if they were not friends.
Khalil posted the issue on his blog post:
“Days ago I discovered a serious facebook vulnerability that allows a facebook user to post to all facebook users timeline even (if) they are not in his friend list.
I reported that exploit through > wwww.facebook.com/whitehat
Khalil apologised for hacking Zuckerberg’s account. “First sorry for breaking your privacy and post to your wall, I has no other choice to make after all the reports I sent to Facebook team.”
Facebook engineers immediately deactivated Khalil’s FB account to “investigate” but re-activated later after fixing the bug.
But the powers that be at Palo Alto said Khalil was not entitled to an award because he violated privacy rules by posting on a users profile without permission.
failing to get a response, Khalil (a Palestinian white hacker) decided to demonstrate the security issue to Mark Zuckerberg; He posted on Zuckerberg’s facebook page to show how a user could post to all facebook users even if they were not friends.
Khalil posted the issue on his blog post:
“Days ago I discovered a serious facebook vulnerability that allows a facebook user to post to all facebook users timeline even (if) they are not in his friend list.
I reported that exploit through > wwww.facebook.com/whitehat
Khalil apologised for hacking Zuckerberg’s account. “First sorry for breaking your privacy and post to your wall, I has no other choice to make after all the reports I sent to Facebook team.”
Facebook engineers immediately deactivated Khalil’s FB account to “investigate” but re-activated later after fixing the bug.
But the powers that be at Palo Alto said Khalil was not entitled to an award because he violated privacy rules by posting on a users profile without permission.
No comments:
Post a Comment