Khalil Shreateh, a Palestinian security researcher, recently found a way to circumvent Facebook’s security parameters so as to allow anyone to hack into a fellow user’s page and modify their timeline.
Rather than use the technique for harm, he reported the flaw to the Facebook security team. Unfortunately, the team ignored his report, and that’s where things got interesting.
You see, to get the attention of the Facebook team, Shreateh demonstrated the effectiveness of his technique by hacking Facebook founder Mark Zuckerberg’s own wall and posting the following message on it:
Needless to say, this got the attention of the Facebook team, and the issue was resolved immediately.
Now, when a legitimate security issue is reported to Facebook, the person who sent in the message is rewarded $500. Not so in Shreateh’s case — instead, all he saw was the temporary disabling of his account. When Shreateh inquired about his reward, they told him he wouldn’t be receiving any money:
“We are unfortunately not able to pay you for this vulnerability because your actions violated our Terms of Service,” Facebook wrote. “We do hope, however, that you continue to work with us to find vulnerabilities in the site.”
The violation was, specifically, that Shreateh hacked another Facebook user’s wall.
News of Facebook giving Shreateh the shaft got out and soon there was a campaign on GoFundMe set up to see to it that the security researcher was rewarded justly.
The result after 24 hours? Over $11,000 from 178 people.
“I hope this has raised awareness of the importance of independent researchers,” said Marc Maiffret, a security expert at the firm BeyondTrust who led the effort.
“I equally hope it has reminded other researchers that while working with technology companies can sometimes be frustrating, we can never forget the greater goal: to help the Internet community at large.”
Follow the progress of the charity at GoFundMe.com
Story via: phys.org