An unemployed Palestinian researcher, Khalil Shreateh, has hacked the
personal page of Facebook’s CEO, Mark Zuckerberg. Khalil, in slightly broken English,
wrote the following message on Mark’s page.
“First, sorry for breaking your privacy and post to your
wall I ha[ve] no other choice to make after all the reports I sent to Facebook
team.”
The break-in, detailed on Shreateh’s blog (and in several agitated
posts from Facebook developers on Hacker News), has been more than a little
embarrassing for Facebook.
But it’s not exactly newsworthy that Shreateh found a bug —
that happens all the time. In fact, Facebook runs a program that encourages
white hat hackers to find and report bugs in Facebook infrastructure in
exchange for a cash reward. What is unusual is that Facebook didn’t respond to
Shreateh’s initial reports about the bug, and that Shreateh then exploited it
in violation of Facebook’s policies for white hat hackers.
Facebook has announced that the flaw, which enabled Shreateh
to post onto any user’s wall, regardless of their privacy settings, has been
fixed.
Shreateh, who describes himself as an unemployed security researcher with a degree in information systems, said he found a hole in Facebook’s systems that let him post to any user’s page, including users not on his Friends list.
Such an exploit would be a virtual gold mine for spammers, scam artists and others seeking to take advantage of the site’s roughly 1 billion users worldwide.