Researcher demos Facebook bug with Zuckerberg Wall post

'Dear Mark, sorry for breaking your privacy'.

A security researcher said he was forced to publish an unauthorised post on Mark Zuckerberg's Facebook Wall to demonstrate a privacy vulnerability to the social networking giant.

Khalil Shreateh described in a blog post how he reportedly disclosed the unconfirmed bug to Facebook by posting an update to the Wall of a friend of Zuckerberg to whom he was not connected, a feat which breached site privacy policies.

According to a purported email chain, Shreateh offered to post an update to an account held by the Facebook security team as a proof of concept, but was told only that the alleged vulnerability was not a bug.

He then posted an update to Zuckerberg's Wall where a Facebook software engineer reached out requesting more details.

From there, Shreateh's account was temporarily suspended and he was told he would not receive the cash bug bounty rewards on offer from the site since he did not report the flaw according to normal procedures.

 

Facebook did not immediately return requests for comment.

Cipherlaw attorney James Denaro said on Twitter he would advise against Facebook paying out a bug bounty because the site could find itself in a "legally risky" scenario.

Copyright © SC Magazine, Australia
