If you are a hacker with the ability to find vulnerabilities in Facebook, you can choose to submit them to the Whitehat reporting system and get a reward.
But what would you do if Facebook ignored the bug report you submitted?
A Palestinian hacker opted to use the very bug he had tried to report, posting his report directly to the personal timeline of Facebook founder Mark Zuckerberg.
The Palestinian developer and hacker, named Khalil Shreateh, found a way to bypass Facebook's privacy settings that let him post content to any user's timeline at any time, even if that user was not one of his friends.
At first, he tried to report the vulnerability by email to the bug bounty program. But, according to him, the social network failed to recognize the vulnerability he had reported.
Before reporting the vulnerability, Shreateh tested it successfully by posting a message on the wall of Sarah Goodin (a former university classmate of Zuckerberg). He even attached a link to the post in his email report, but received a reply from a member of Facebook's security staff (identified as Emrakul) saying he could not view the content behind the link, because he and Goodin were not Facebook friends.
Shreateh then sent a second, formal report explaining the vulnerability. This time Emrakul replied to his appeal: "I'm sorry, but this is not a bug." So Shreateh answered: "OK, it seems I have no choice but to report it to Mark in person."
Then he actually did that!
The post attracted the attention of Ola Okelola, another Facebook security engineer. Okelola commented under the entry, asking for further details of the vulnerability. After a brief discussion, Shreateh's Facebook account was disabled as a warning. Another Facebook security engineer, named Joshua, then contacted Shreateh by email.
“I’m sorry, the report you submitted to the Whitehat system did not provide enough technical details,” Joshua wrote. “We cannot take countermeasures on reports that do not contain sufficient detail.” He added: “Because your behavior violated the normal operation of the system, we unfortunately must inform you that we cannot pay you a bounty for the vulnerability you reported.”
Shreateh's posting of content on Zuckerberg's timeline also violated Facebook's responsible disclosure rules, which prohibit exploiting a vulnerability against other users, or demonstrating it on them, without their consent.
“One more important point is that the vulnerability was demonstrated using authenticated users' accounts without the consent of those users,” Facebook’s Matt Jones said on the Hacker News website. Facebook told Mashable that Jones is a Facebook employee.
“For white hats, exploiting vulnerabilities against authenticated users is unacceptable behavior. We want to see responsible research behavior. And in this case, the researcher used the vulnerability he found to publish content on the timelines of multiple users without getting their consent.”
Facebook declined to comment further. In addition, according to Jones’s comments on Thursday, the vulnerability has been fixed.
Shreateh was not rewarded for his find, because he violated the disclosure rules.