Facebook Ignored Security Bug, Researcher Used it to Post Details on Zuckerberg’s wall

[The Verge]

If your Facebook profile isn’t public, others aren’t supposed to be able to post content on your wall. Khalil Shreateh, a self-professed IT expert from Palestine, claims to have discovered a vulnerability that lets anyone post a link to other Facebook walls. Shreateh says he recently reported the bug to Facebook, but claims that instead of taking him seriously, the company ignored the problem and decided it wasn’t a bug.

In a lengthy blog post outlining the timeline of events, Shreateh says he tested the vulnerability on Sarah Goodin — a friend of Facebook CEO Mark Zuckerberg, and the first woman to sign up to the service — before reporting it through Facebook’s whitehat disclosure service for security researchers. The whitehat service rewards researchers with at least $500 for successful bug reports. In a copy of an email sent to Facebook, Shreateh explains the details and notes that the security team might not be able to see his test post, as Goodin restricts posts to only her friends. Although Shreateh attached a screenshot of the post, a Facebook security engineer, identified only as Emrakul, replied saying “I am sorry this is not a bug,” without asking for additional information.

Unperturbed by the response, Shreateh decided to notify Mark Zuckerberg himself by posting to his timeline. Minutes later, Facebook security engineer Ola Okelola contacted Shreateh requesting details on the exploit. Facebook disabled his account, presumably fearing a wider security breach.

