Facebook denies hacker $500 exploit reward
Posted by Stefan Mileschin ([M] Reviewer), 20th August 2013, 07:50

Idiots at Facebook were humiliated by a hacker after they tried to spin out the news the software was flawed.

Facebook has a policy that it will pay a minimum $500 bounty for any security flaws that a hacker finds.

Khalil, a systems information expert from Palestine, found a vulnerability that allows anyone to post to another user's timeline whether they're friends or not. He tried to report it to Facebook's security team twice.

He even warned them that he could post to Zuckerberg's wall, but they told him that it was not a bug and to go away.

So Khalil posted an Enrique Iglesias video to Sarah Goodin's wall. Goodin was a woman that Zuckerberg went to college with.

The security team still claimed that since you can't see that post unless you're a friend of Sarah, it is not a bug.

So he posted onto Mark Zuckerberg's wall details of the security hole. Khalil was very nice about it and said he was sorry for violating his privacy.

In less than a minute his Facebook account was suspended and he was contacted by a Facebook engineer requesting all the details of the exploit.

They claimed that he had not given enough technical information for them to take action on it. Why do we have the impression that this one was bumped up to someone's supervisor?

However, they said that by proving to them the hack existed, Facebook could not pay him for the vulnerability because his actions violated Facebook's Terms of Service.

Of course, it's all his fault, the security team couldn't have said, "Yeah, we see what you're talking about, we need some more technical information." Khalil tried at least two times to contact them and both times they told him to go forth and multiply. So in other words the guy finding the exploit loses out by forcing someone at Facebook to realise it was a flaw.