Friday, August 23, 2013

A hacker named Khalil Shreateh of Palestine, who broke into Mark Zuckerberg's Facebook Timeline to reveal a security lapse, will probably be awarded nearly $12,000 from an online crowdsourced campaign.
The GoFundMe campaign has raised $12,433 for Shreateh, who states he was forced to hack into Zuckerberg's page to raise awareness of the Facebook security vulnerability after the company had ignored his earlier warnings. The bug that Shreateh discovered permitted him to post on the Timelines of individuals who weren't his Facebook friends.

The reward for his work was organized by Marc Maiffret, the chief technology officer of security firm BeyondTrust. Khalil Shreateh discovered a vulnerability in, due to miscommunication, he was not awarded a bounty by Facebook for his work, which is why Maiffret wrote on the GoFundMe campaign page: "Let us all send a message to security researchers across the world and say that we appreciate the efforts they make for the good of everyone." Facebook has a bounty program designed to bribe hackers into reporting glitches they find rather than exploiting them. Such validated reports are worth $500.

Facebook said Shreateh would not qualify for a reward because he tested the bug against another user. Joe Sullivan, Facebook's Chief Security Officer, clearly explained the company's verdict in a post online. "We will not change our practice of refusing to pay rewards to researchers who have tested vulnerabilities against real users," he wrote. "It is never acceptable to compromise the security or privacy of other people. Therefore, the researcher could have sent a more detailed report (like the video he later published), and he could have used one of our test accounts to confirm the bug." Shreateh first contacted the Facebook security staff after proving the glitch was genuine by posting on the wall of a friend of the Facebook founder. "My name is Khalil Shreateh. I finished school with Bachelor degree in Information Systems. I would like to report a bug in your main site ( which I discovered it."

But rather than thanking him and fixing the issue, Facebook said it wasn't a bug. The bug allows Facebook users to share links to other Facebook users. "I tested it on Sarah.Goodin wall and I got a success post." Shreateh, whose first language is Arabic, lives in Palestine and is in no way connected with Goodin, Zuckerberg's fellow Harvard alumna.

On the other hand, instead of repairing the obvious security breach, Facebook replied to Shreateh by saying the issue "was not a bug." Undeterred, Shreateh used the glitch to hack his way onto Mark Zuckerberg's Facebook page. "Sorry for breaking your privacy," he wrote in a since-removed post to Zuckerberg, "I had no other choice… after all the reports I sent to Facebook team." Shreateh went on to recount his attempts to warn the website and posted a grab of the post on his blog ( Minutes later, his pleas were answered. Facebook contacted him demanding to know how he'd hacked their boss's personal page. "We fixed this bug on Thursday," wrote Matt Jones from Facebook's security team in a Saturday post on Hacker News.

