We reported a couple of days ago that a self-titled Palestinian “IT Expert” had discovered a bug in Facebook that allowed him to post on anybody’s wall. He had reported that bug to Facebook through the social network’s bug reporting tool, but he received a nonchalant response telling him that his discovery was not a bug. To prove a point this IT expert, Khalil Shreateh, went ahead and left a post on Facebook CEO Mark Zuckerberg’s wall. Within minutes, he was contacted by a security engineer from Facebook and the bug was fixed. Facebook pays a bounty of at least $500 to researchers who report bugs, they denied him the bounty because according to them Shreateh had violated Facebook’s terms and conditions by posting on a user’s wall without their consent. The internet doesn’t seem to be happy about this, a $10,000 crowdfunding campaign has been launched for Shreateh. Within 24 hours, and as of this writing, the campaign has received $9,215 in donations.
The campaign was initiated by Marc Maiffret, the CTO at Beyond Trust, a security compliance company. He says that the campaign is a message to security researchers around the world that they “appreciate the efforts they make for the good of everyone.” Technically, Shreateh did violate the terms and conditions by posting on a user’s wall who didn’t have him in his friends’ list, thus no consent was given. Though the bug could have been sold online to hackers and spammers who might have used it to spread spam across Facebook. They could have created a lot of havoc. Should Facebook bend the rules this time and recognize as well as reward Shreateh for his discovery?