If you ever discover a bug on the social networking site Facebook that allows just about anyone to post on your Timeline, then demonstrating it on the CEO's Timeline is the best way to prove the problem. This is exactly what Palestinian hacker Khalil Shreateh did.
Shreateh, a security researcher, first told Facebook about the bug but got a response that what he identified as a bug "was not a bug". The response prompted Shreateh to try out the bug on the CEO's Timeline just to prove a point.
"First sorry for breaking your privacy and post to your wall," Shreateh posted on Mark Zuckerberg's Timeline. "I has no other choice to make after all the reports I sent to Facebook team." Facebook Timeline is a place on Facebook where users' photos, stories, and statuses are located.
The social networking site fixed the bug Thursday and clarified to reporters that the original tip from Shreateh did not go unheard but that the researcher did not provide ample information about the bug.
Facebook's Matt Jones, a software engineer for the website, wrote on Hacker News that the team "should have asked for additional reproduction instructions after his initial report." Jones added in Hacker News' forum, "Unfortunately, all he submitted was a link to the post he'd already made ... Had he included the video initially, we would have caught this much more quickly."
Khalil Shreateh later posted a YouTube video showing how he posted on Zuckerberg's Timeline even though the two aren't friends, to show the team and the world what he had found. Jones also posted in the forum that Shreateh's English was difficult to understand but noted that, for the social networking site, the "best reports come from people whose English isn't great."
With the Facebook White Hat program, researchers and hackers can report vulnerabilities to Facebook in exchange for a monetary reward. Shreateh, however, will not be getting a reward for finding this particular vulnerability because he exploited another person's account to demonstrate the bug without their express permission.
© 2017 Jobs & Hire All rights reserved. Do not reproduce without permission.