A Palestinian man hacked into Zuckerberg’s Facebook page to demonstrate how much its security sucks. This happened after his efforts to communicate the access hole were snubbed by the company’s security team on numerous occasions.
The result of the hacking was innocuous, but a lot of people are going to get chastised at Facebook’s headquarters tomorrow morning.
Khalil, a Palestinian white hat hacker, submitted bug reports to Facebook about a vulnerability that allowed him to post on anyone’s wall. But Facebook’s security team didn’t do anything. So Khalil wrote on Mark Zuckerberg’s wall about it and was generally a badass.
Khalil explains on his blog that he submitted a full description of the bug, plus follow-up proof of its existence, to the Facebook security feedback page, where researchers can win rewards of at least $500 for finding significant vulnerabilities. Then he submitted again. The second time he got an e-mail back that said, 'I am sorry this is not a bug.'
When he posted on Zuckerberg’s wall, Khalil said, 'First sorry for breaking your privacy and post to your wall, I had no other choice to make after all the reports I sent to Facebook team.' He then detailed the situation and provided links.
Within minutes, a Facebook engineer contacted Khalil for more information and then blocked his account 'as a precaution' while a security team fixed the bug. Later his account was re-enabled. But Facebook says that he cannot claim a reward for the find because in hacking Zuck’s wall he violated Facebook’s terms of service. They commented that, 'exploiting bugs to impact real users is not acceptable behavior for a white hat. In this case, the researcher used the bug he discovered to post on the timelines of multiple users without their consent.' Facebook admits, though, that its team should have been more diligent in following up on Khalil’s submission. So. Cool. Problem solved. [Khalil, RT, The Verge]