An information systems expert claims to have discovered a Facebook bug allowing users to post on a private Facebook wall. After being ignored by Facebook, he posted directly on Mark Zuckerberg’s wall.
Khalil Shreateh, an IT expert from Palestine, claims to have found a vulnerability in Facebook’s privacy service but was ignored by the social-networking giant when he tried to alert them.
In his blog post, Shreateh states that he reported the bug to Facebook via the company’s Whitehat service, which urges security researchers to inform the company right away.
Bugs found can earn a minimum reward of $500, which increases depending on severity and creativity.
In order to prove the exploit, Shreateh posted on Sarah Goodin’s Facebook. Goodin was one of the first to create a page on Facebook.
He sent a screenshot of the wall post to Facebook Security only to receive a reply, “I am sorry this is not a bug.”
The ability to post to non-friend Facebook users’ walls meant that Shreateh could then post on Mark Zuckerberg’s Facebook wall in order to draw more attention to the problem and be taken seriously.
He was then immediately contacted by Facebook’s security manager, Ola Okelola.
Shreateh’s Facebook account was initially suspended but then re-enabled.
A security engineer stated, “Unfortunately your report to our Whitehat system did not have enough technical information for us to take action on it.”
The e-mail then concluded that Shreateh would not be paid for discovering the vulnerability because the way he did it violated the T&Cs.