03 September 2013

Facebook Refused to Award a Hacker


597230_1376942540.6806.jpg


Facebook team was humiliated by a hacker after it was trying spin out the news the software was flawed. It is known that the largest social network in the world has a policy that it is ready to pay at least $500 for any security flaw a hacker can find.




Khalil, a systems information expert from Palestine, discovered a flaw which allowed anyone to post to someone else’s timeline even if they are not friends. Khalil reported the flaw to Facebook security team twice, but with no result. He warned Facebook that he could post to Mark Zuckerberg’s wall, but the security experts claimed it wasn’t a bug at all. After this, Khalil posted an Enrique Iglesias video to the wall of Zuckerberg’s schoolmate. However, Facebook team still insisted that since one couldn’t see that post unless they are a friend of a user, it was all right.

Khalil said ok and posted onto Zuckerberg’s wall details of the security flaw. It should be noted that the hacker was very nice about it and apologized for violating Mark’s privacy. In a few seconds Khalil’s Facebook account was suspended and Facebook engineer contacted him to request all the details of the vulnerability. This time they explained that he hadn’t provided enough technical details for them to take action on it. In addition, they claimed that even by proving to them the hack existed, the company couldn’t pay him for the security hole because his actions broke Facebook’s Terms of Service.

It is unknown why the security team hasn’t said from the very beginning that they could see what the hacker talking about but lacked technical details. As you can see, Khalil tried to contact Facebook at least twice and both times they refused to act. So, it turned out that the hacker who found the exploit lost out by forcing someone at Facebook to understand it was a security hole. Frankly speaking, Khalil was punished for his good faith, while he could have sold it on to a 3rd party and make more cash that way.

No comments:

Post a Comment