 

 What do you think guys?

WizkiD
WhiteHat Senior MOD

Posts : 45
White Hat Points : 121
White Hat Reputation : 2
Join date : 2013-07-30

PostSubject: What do you think guys?   Wed Aug 21, 2013 8:58 am




Facebook’s security team has been left rather embarrassed this week after deciding to ignore a submitted vulnerability report only to find the exploit used to post on Mark Zuckerberg’s wall.

The vulnerability was reported by a Palestinian white hat hacker named Khalil and outlined a way to allow anyone to post on a user’s wall. He followed the rules by using Facebook’s feedback system to file the bug and even included an example of it being used. However, Facebook ignored the report and when Khalil submitted it again he was told it wasn’t a bug.

Knowing he had a legitimate exploit and Facebook wasn’t going to fix it, Khalil decided to take much more drastic and public action. He proceeded to use the exploit to post his bug report on Mark Zuckerberg’s own wall. As you’d expect, it only took a few minutes for Facebook to notice the post and contact Khalil to find out more about how he’d managed to circumvent the user account security.


Was Khalil wrong to take such action? From a user security point of view he wasn’t as Facebook had decided to ignore and dismiss an exploit he knew worked. But Facebook doesn’t see it that way and has refused to pay Khalil the $500 reward he is entitled to. The reason being he broke the rules by using the exploit.

I think in this case Facebook should issue the reward because of their own failings. They should also make it clear they want Khalil to keep looking for security issues as he’s already found something they completely overlooked.

For those of you interested, Khalil posted a video demonstrating the exploit in action:

[You must be registered and logged in to see this link.]


Source:
[You must be registered and logged in to see this link.]

_________________
"Follow your Curiosity"