Facebook security team ignores bug report
How far will you go to get a well-intentioned motive of yours heard? If you’re this Palestinian Information Security Expert, you would not shy away from breaking into Mark Zuckerberg’s profile to write him a wall post.
In a move that seems right out of the movies, Khalil, a Security Expert from Palestine, ended up writing on Facebook founder Mark Zuckerberg’s wall to alert him to a bug. Khalil says he had to resort to the move after the social networking giant’s security team failed to pay heed to his discovery of a critical vulnerability on the site, reports RT.
As you would have guessed by now, this vulnerability gave a user the power to break into anyone’s locked Facebook wall and write them a post. In the wrong hands, this bug could be a potential threat and embarrassment, putting other personal information at risk.
The post Khalil left behind
Khalil reported this vulnerability to Facebook’s security team, which has been making big noises about doling out rich rewards in return for reports of bugs of this sort. The social networking website announced just a few weeks ago that it had spent around $1 million rewarding security researchers who reported creative and critical bugs as part of the Bug Bounty programme. Unfortunately, Facebook merely responded with, “Sorry, this is not a bug,” the second time Khalil reported the bug. He failed to elicit any response from the team the first time round.
After his second rejection, Khalil decided to pull off – what could loosely be described as – a Zuckerberg-esque move and posted information about this bug onto Mark’s wall. Within minutes, he says, Facebook rushed to ask him details about the bug and blocked his profile while trying to patch the vulnerability.
The sad bit about this dramatic story is that the security team has announced that Khalil will not receive a reward for reporting this vulnerability, even though they admitted that it was indeed a bug. The team said that Khalil had violated the website’s security terms of service, although they did not specify which one exactly.
This move, as expected, has had people baying for Facebook’s blood over the incident. A simple Twitter search reveals that users of the micro-blogging website are unanimous in their opinion that Zuckerberg has lost touch with his own rule-breaking-for-betterment side and should give Khalil the reward he deserves. A user named @jameswindrow wrote, “If Mark Zuckerberg was still the badass developer he used to be he’d make sure this dude Khalil got paid,” while one named Ashar Javed said, “If a guy has reported a bug or issue in #Facebook & you disabled his account. It means you are doing it wrong!” Hopefully Zuckerberg will step in and help Khalil get what’s due. [Source: Tech2]