After the social network ignored his advice, computer engineer Khalil Shreateh decided to take matters into his own hands by posting onto the profile of the firm's founder and chief executive.
After notifying the company of the security glitch and failing to receive an acceptable response, Mr Shreateh decided to draw attention to the issue. He chose to highlight the bug, which allowed users "walls" to receive messages from strangers, by posting on 28-year-old Zuckerberg's profile page the following:
Dear Mark Zuckerberg,
First sorry for breaking your privacy and post to your wall , i has no other choice to make after all the reports i sent to Facebook team.My name is KHALIL, from Palestine.couple days ago i discovered a serious Facebook exploit that allows Facebook users to post to other Facebook users timeline when they are not in friend list .i report that exploit twice , first time i got a replay that my link has an error while opening , other replay i got was “ sorry this is not a bug “ . both reports i sent from www.facebook.com/whitehat , and as you see iam not in your friend list and yet i can post to your timeline.
Mr Shreateh has since revealed the following correspondence, providing proof that he only resorted to hacking Zuckerberg after warning the company that others could exploit the hole in the system.
Facebook who run a bounty system, bribing hackers to reveal their findings, have announced they will not pay Mr Shreateh the usual $500 reward on offer for pointing out flaws in their software. They claimed this was because his actions had violated their "responsible disclosure policy".
No comments:
Post a Comment