Palestinian Exposes Facebook Security Flaw by Hacking Zuckerberg’s Personal Wall
Khalil Shreateh earned a Bachelor of Arts in Information Systems and apparently has an eye for security. He recently stumbled upon a security hole in Facebook which would expose a person’s account to strangers regardless of their security settings. He notified Facebook’s security team of the bug, but they disagreed that the finding was a security hole.
Shreateh was interested in earning the $500 USD bounty paid by Facebook to anyone finding a legitimate bug in their security. He demonstrated the bug by posting to the wall of one of Zuckerberg’s college buddies from Harvard, which he believed would show the bug’s potential.
‘My name is Khalil Shreateh. I finished school with B.A degree in Information Systems. I would like to report a bug in your main site (www.facebook.com) which I discovered it…The bug allow Facebook users to share links to other Facebook users, I tested it on Sarah.Goodin wall and I got success post.’
When that failed to get the security team’s attention, he exposed the bug once again by posting directly to founder Mark Zuckerberg’s account.
Obviously, that raised alarms. His comment wasn’t inappropriate. Rather, Shreateh apologized to Zuckerberg for making the post, but explained that he did so after the billionaire CEO’s security team ignored his finding of the bug. Needless to say, the security team has taken note of the security flaw and fixed it.
‘Sorry for breaking your privacy,’ he wrote in a since-removed post to Zuckerberg, ‘I had no other choice…after all the reports I sent to Facebook team.’
However, Facebook refuses to pay Shreateh the $500 finder’s fee. Why? Because of a technicality. The company claims that he should have used a test account to demonstrate the flaw and not someone’s personal account. Bear in mind, billionaire Zuckerberg is known for his stinginess and unwillingness to tip.
Shreateh went on to recount his attempts to warn the website and posted a grab of the post on his blog.
On The Web:
Computer expert hacks into Mark Zuckerberg’s Facebook page to expose the site’s vulnerability after his security warnings were dismissed (…they’re taking it seriously now though)