A funny thing happened yesterday, when a Palestinian white-hat hacker named Khalil had to go the extra mile in order to reveal a Facebook vulnerability. This guy stumbled upon a serious bug in Facebook and tried to alert the social network’s security team about the issue.
Obviously, the well-trained monkeys from tech support ignored him (that happened to me more than once when I tried to report some serious issues with Facebook), and Khalil got so frustrated that he did what every respectable hacker should do: he broke into Mark Zuckerberg’s Facebook account and posted on his wall about his findings.
Obviously, this time Khalil was taken seriously by the tech support team, who blocked his Facebook account (nice move, bravo tech support, ban the whistleblower, how dare he?), the most risible measure possible. And afterwards, the trained monkeys who are supposed to watch over your Facebook account security allegedly took care of the problem, probably after Zuckerberg gave them a call and fired at least half of them. Yes, I know, I’m ranting.
Moving along with the story, the vulnerability exposed by Khalil allows you to post anything on the Facebook wall (doh!) of any user, even if you’re not on his friend list or he has a private Facebook account.
Khalil’s discovery of the “wall bug” was totally ignored and even denied by Facebook’s “security” team, who actually replied “Sorry, this is not a bug”. This happened even though he reported it “by the book” via Facebook’s security feedback page and also proved his claim by posting on the timeline of a person who had a private account and was an acquaintance of Mark Zuckerberg’s.
After so much fail from Facebook’s staff, Khalil did what he had to do and posted the whole story on Mark’s own timeline, this time with great success: he was immediately contacted and asked to reveal all the details about the vulnerability.
The coolest part is that Facebook, after reinstating his blocked account, told him he’s not eligible for the reward for revealing the bug in the Facebook platform, because he didn’t play his cards right and broke the “rules” (they also failed to mention which rules were broken).