Zuck Gets Dissed
Last weekend, something peculiar happened on Facebook.
An IT expert posted his own bug report directly on Mark Zuckerberg’s wall.
It’s not supposed to be this way, you know. The appropriate way to handle a bug report is to send it to Facebook’s security team, and if they’re able to replicate the flaw, they give you $500.
Makes you wish you studied computer science and programming in college, no?
Khalil Shreateh discovered a flaw in Facebook’s security and found a way to post to people’s pages and walls without their permission. He tried to log this bug with the Facebook security team, but they told him quite curtly: “Sorry this is not a bug.”
Shreateh then did what any self-respecting hacker…er…security expert would do. He took it all the way to the top.
“First, sorry for breaking your privacy and post(ing) to your wall,” wrote the Palestinian on Zuck’s wall.
“I (have) no other choice to make after all the reports I sent to (the) Facebook team.”
The kids at Facebook didn’t take too kindly to this, as you may imagine, and suspended his account. They also refused to give him the $500 he deserved.
This, of course, made headlines over the weekend, spurring other hackers to leap to his aid.
Marc Maiffret created a GoFundMe campaign asking those in the security research world to get Shreateh the money due him for finding a critical flaw in the Facebook system. Over the weekend they were able to raise more than the $10,000 they planned, all the way up to $13,100 at the time of this publishing.
The entire scenario points to some potential issues with Facebook’s bug report system, though according to one of their software engineers, Matt Jones, the biggest issue may have been that darned language barrier. As it turns out, English isn’t Shreateh’s first language. Yet despite his multiple attempts to explain the bug to the security team, they ignored his reports.
According to Shreateh, just minutes after posting to Zuck’s Facebook wall (without his permission, I should add), he received a comment from Ola Okelola, a software engineer, asking him to describe the bug once again.
That got their attention, eh?
Even after he demonstrated how the bug could be used to post unwanted comments on others’ walls, Facebook decided the best course of action would be to disable his account.
“Facebook disabled your account as a precaution,” reads the email Shreateh received from Facebook after he hacked into Zuck’s account.
“When we discovered your activity we did not fully know what was happening. We are unfortunately not able to pay you for this vulnerability because your actions violated our Terms of Service. We do hope, however, that you continue to work with us to find vulnerabilities in the site.”
In a statement, software engineer Jones (not the one who disabled Shreateh’s account) said: “Many of our best reports come from people whose English isn’t great – though this can be challenging, it’s something we work with just fine and we have paid out over $1 million to hundreds of reporters.”
Shreateh likely isn’t too upset about this incident, though. He’s recovered access to his Facebook account and he’s walking away from the fray $11,000 richer.
Again, doesn’t this make you wish you had paid attention in all those computer classes?