Facebook bug allows users to post on anyone’s wall, even Zuckerberg’s

An information systems expert claims to have discovered a Facebook bug allowing users to post on a private Facebook wall. After being ignored by Facebook, he posted directly on Mark Zuckerberg’s wall.

Khalil Shreateh, an IT expert from Palestine, claims to have found a vulnerability in Facebook’s privacy service but was ignored by the social-networking giant when he tried to alert them.

In Shreateh’s blog post, he states that he reported the bug to Facebook via the company’s Whitehat service, which urges security researchers to inform them right away.

Any bug found can earn a minimum reward of $500, which increases depending on severity and creativity.

In order to prove the exploit, Shreateh posted on Sarah Goodin’s Facebook. Goodin was one of the first to create a page on Facebook.

He sent a screenshot of the wall post to Facebook Security only to receive a reply, “I am sorry this is not a bug.”

The ability to post to the walls of Facebook users who were not his friends meant that Shreateh could then post on Mark Zuckerberg’s Facebook wall in order to draw more attention to the problem and be taken seriously.

He was then immediately contacted by Facebook’s security manager, Ola Okelola.

Shreateh’s Facebook account was initially suspended but then re-enabled.

A security engineer stated, “Unfortunately your report to our Whitehat system did not have enough technical information for us to take action on it.”

The e-mail then concluded that Shreateh would not be paid for discovering the vulnerability because the way he did it violated the T&Cs.
