So, you have set your Facebook privacy settings securely, so that no one can post directly on your Timeline or wall. Many people set such privacy preferences so that nobody can spread spam on their walls: anyone who posts on their Timeline must have the post approved by them before it is published. If you think that Facebook is secure enough to keep your privacy safe, you are wrong, and a Palestinian hacker has proved it. Just recently, a hacker from Palestine known as ‘Khalil Shreateh’ discovered a serious security flaw in the Facebook system. He stated that this bug in Facebook’s code allows any Facebook user to post on any other user’s wall or Timeline, even if the two users are not friends, and even if the other user has enabled the privacy setting that lets them review a post before it is allowed onto their wall.
Khalil posted on his blog that he discovered this flaw a few days ago and then tried to contact the Facebook security team about this serious vulnerability. To prove it, he posted a video on the wall of Sarah Goodin, an old friend of the Facebook CEO, Mark Zuckerberg, and the first person to sign up for the social networking site. He then sent the link to the post on Sarah’s wall to the Facebook security team as proof that this is a serious bug in their system. But a security representative replied that he could not see anything when clicking on the link; that was because the person viewing it was not a friend of Sarah on Facebook, and her privacy settings showed her posts to her friends only. The security representative replied with the following:
I am sorry this is not a bug.
It’s a shame how unconcerned Facebook is about the security of its social networking site. After getting this reply from Facebook, Khalil decided that simply letting them know was not enough and that action was necessary. So, to prove his point, Khalil posted the details of the exploit on Zuckerberg’s own Timeline, and also let Zuck know that the security team at FB had shown no interest in researching the vulnerability even after his report. Facebook then disabled the Palestinian user’s Facebook account, fearing a further security breach, but his account has since been reactivated. Later, it was mentioned that his report to the security team contained no technical information about the vulnerability, and therefore the report about the glitch received little attention. A few minutes after Khalil posted on Mark’s wall, a security engineer at Facebook named Ola Okelola contacted the reporter asking for further details about the flaw. According to him, the glitch was in the ‘Composer.php’ file of the Facebook system, which controls all the posting tasks on the popular social networking site.
Later on, in an email to Khalil Shreateh, Joshua, on behalf of Facebook, informed the hacker that the company would not be able to pay him a reward for finding the bug, as his actions were against its terms of service. What do you think? Should Khalil still be rewarded for finding this serious flaw in the Facebook mechanism? Speaking personally, I strongly believe that Khalil should really be given some reward for discovering this really exploitable flaw. What would have happened if he had made the bug available to the internet public before reporting it to the Facebook security team? Spam would have spread across the whole social networking website. Finally, let us know your opinions and views on the matter!