Hacker exposes Facebook security flaw on Mark Zuckerberg’s wall

(Image from Khalil Shreateh's blog)

Sometimes, all we want is to be heard. That’s how Palestinian IT expert Khalil Shreateh felt when he stumbled across a security flaw on Facebook that allowed him to post on the walls of people outside his network (typically on Facebook, you can only post on the Timeline of your ‘Friends’). But after getting a less-than-satisfactory reply from Facebook, Shreateh decided to take more drastic measures.

He demonstrated the security flaw with the Timeline of Facebook founder and CEO Mark Zuckerberg.

According to the Toronto Sun, Shreateh found the bug, and reached out to Facebook to notify them of the security flaw. Facebook rewards its users for highlighting such flaws with a minimum $500 USD cash reward. But when Shreateh emailed them, a member of the Facebook security team said they only saw an error, not an actual bug.


So Shreateh decided to demonstrate, posting to Zuckerberg’s Timeline and explaining both the bug he had found and the response he had received so far:

(Image from Khalil Shreateh's blog)

According to a blog post by Shreateh, he was contacted by a security engineer within minutes, followed by his Facebook account being disabled as what was labeled a “security precaution.” Shreateh has since had his account restored.

He says that he then received an email from Facebook, explaining that he did not provide enough technical information when he had contacted them previously. The company says that they have since fixed the bug.

Unfortunately for Shreateh, his actions make him ineligible for Facebook’s cash reward, but that doesn’t seem to have discouraged him from basking in the fame of his stunt.

 
