In order to prove that social media giant Facebook has a security flaw that can allow people to post on someone's wall without being in their friends' list, a security researcher went a step ahead to prove his point and posted about the bug on the CEO's wall.
Khalil Shreateh from Palestine initially tried to
report the bug to Facebook's security team before posting something to Sarah
Goodin's wall, a friend of Facebook CEO Mark Zuckerberg but he was not taken
seriously till then.
Shreateh then used the bug and posted a message on
Zuckerberg's wall and explained about the flaw which prompted immediate action
and within minutes the site's security engineer contacted him and asked for the
details.
Facebook has a bounty program where it pays people to
report bugs instead of using them maliciously but it did not pay the $US500+
fee amount to Shreateh because they cited him violating the site's terms of
service, although, they asked him to continue to help them find bugs.
The site's security team then later confirmed that the
bug had been fixed and added that bounty was denied because Shreateh did not
include enough technical info when he tried to report the bug, the report
added.
No comments:
Post a Comment