Facebook Vulnerability: A Palestinian Hacker Posts on Zuckerberg’s Wall


So, you have set your privacy settings on Facebook securely, so that no one can post directly on your Facebook Timeline or wall. Many people set such privacy preferences so that nobody can spread spam on their walls; if someone posts on their Timeline, they must approve the post before it is published. If you think that Facebook is secure enough to keep your privacy safe, then you are wrong, and a Palestinian hacker has proved it. Just recently, a hacker from Palestine known as ‘Khalil Shreateh’ discovered a serious security flaw in the Facebook system. He stated that this bug in Facebook’s code allows any Facebook user to post on any other user’s wall or timeline, even if he or she and the victim are not friends, or the other user has privacy settings enabled to review posts before they appear on his or her wall.

Hacker Posts on Mark Zuckerberg's Wall

Khalil posted on his blog that he discovered this flaw a few days back and tried to contact the Facebook security team about this serious vulnerability. To prove it, he posted a video on the wall of Sarah Goodin, an old friend of Facebook CEO Mark Zuckerberg and also the first person to sign up for the social networking site. He then sent the link to the post on Sarah’s wall to the Facebook security team to prove that this is really a serious bug in their system. But a security representative replied that he couldn’t see anything when clicking on the link; this was because the person viewing it was not a friend of Sarah on Facebook, and her privacy settings showed her posts to friends only. The security representative replied with the following:

Hi Ḱhalil,

I am sorry this is not a bug.


It’s a shame how unconcerned Facebook is about the security of the social networking site. After getting this reply from Facebook, Khalil decided that simply letting them know like this was not enough and that action was necessary. So, to prove his point, Khalil posted the details of the exploit on Zuckerberg’s Timeline itself, and also let Zuck know that the security team at FB had shown no interest in investigating the vulnerability even after his report. After that, Facebook disabled the Palestinian user’s account, fearing a further security breach, but his account has now been reactivated. Later, it was mentioned that his report to the security team contained no technical information about the vulnerability, and therefore not much attention was given to it. A few minutes after Khalil posted on Mark’s wall, a security engineer at Facebook named Ola Okelola contacted the reporter asking for further details about the flaw. According to him, the glitch was in the ‘Composer.php’ file of the Facebook system, which controls all the posting tasks on the popular social networking site.

Facebook Security Bug

Later on, an email to Khalil Shreateh from Joshua, on behalf of Facebook, informed the hacker that the company would not be able to pay him prize money for finding the bug, as his actions were against their terms of service. What do you think? Should Khalil still be rewarded for finding this serious flaw in the Facebook mechanism? Speaking personally, I strongly believe that Khalil should receive a reward for discovering this really exploitable flaw. What would have happened if he had made the bug available to the internet public before reporting it to the Facebook security team? There would have been spam spreading around the whole social networking website. Finally, let us know your opinions and views about the matter!



PrIyAnGsHu is a 16 years old geek and techie from India. He's a gadget lover and loves to play with smartphones. You may also find him doing tweaks with WordPress pretty often. Apart from that, he's an Android fan boy who owns a Galaxy S3 and Galaxy Note.


3 Responses to “Facebook Vulnerability: A Palestinian Hacker Posts on Zuckerberg’s Wall”

  1. Unknown

    Aug 18. 2013

    He was such a noob. If I had found that sort of glitch I would’ve made millions of dollars overnight.

  2. Rahul Chowdhury

    Aug 18. 2013

    He did the right thing, but unfortunately Facebook didn’t take it seriously at first, they should have looked at their system in the first instance.

    Personally I think Khalil should get a reward for finding this bug and reporting it to Facebook instead of using it for other purposes.

  3. Ramakrishna

    Aug 19. 2013

    He should be definitely rewarded…


© 2013 Tek Plz. All rights reserved.