Zuck Gets Dissed
Last weekend, something peculiar happened on Facebook.
An IT expert posted his own bug report directly on Mark Zuckerberg’s wall.
It’s not supposed to be this way, you know. The appropriate way to handle a bug report is to send it to Facebook’s security team, and if they’re able to replicate the flaw, they give you $500.
Makes you wish you studied computer science and programming in college, no?
Khalil Shreateh discovered a flaw in Facebook’s security and found a way to post to people’s pages and walls without their permission. He tried to log this bug with the Facebook security team, but they told him quite curtly: “Sorry this is not a bug.”
Shreateh then did what any self-respecting hacker…er…security expert would do. He took it all the way to the top.
“First, sorry for breaking your privacy and post(ing) to your wall,” wrote the Palestinian on Zuck’s wall.
“I (have) no other choice to make after all the reports I sent to (the) Facebook team.”
The kids at Facebook didn’t take too kindly to this, as you may imagine, and suspended his account. They also refused to give him the $500 he deserved.
This, of course, made headlines over the weekend, spurring other hackers to leap to his aid.
Marc Maiffret created a GoFundMe campaign asking those in the security research world to get Shreateh the money due him for finding a critical flaw in the Facebook system. Over the weekend they were able to raise more than the $10,000 they planned, all the way up to $13,100 at the time of this publishing.
The entire scenario points to some potential issues with Facebook’s bug report system, though according to one of their software engineers, Matt Jones, the biggest issue may have been that darned language barrier. As it turns out, English isn’t Shreateh’s first language. Yet despite his multiple attempts to explain the bug to the security team, they ignored his reports.
According to Shreateh, just minutes after posting to Zuck’s Facebook wall (without his permission, I should add), he received a comment from Ola Okelola, a software engineer, asking him to describe the bug once again.
That got their attention, eh?
Even after he demonstrated how the bug could be used to post unwanted comments on others’ walls, Facebook decided the best course of action would be to disable his account.
“Facebook disabled your account as a precaution,” reads the email Shreateh received from Facebook after he hacked into Zuck’s account.
“When we discovered your activity we did not fully know what was happening. We are unfortunately not able to pay you for this vulnerability because your actions violated our Terms of Service. We do hope, however, that you continue to work with us to find vulnerabilities in the site.”
In a statement, software engineer Jones (not the one who disabled Shreateh’s account) said: “Many of our best reports come from people whose English isn’t great – though this can be challenging, it’s something we work with just fine and we have paid out over $1 million to hundreds of reporters.”
Shreateh likely isn’t too upset about this incident, though. He’s recovered access to his Facebook account and he’s walking away from the fray $11,000 richer.
Again, doesn’t this make you wish you had paid attention in all those computer classes?