The way Facebook privacy works is that if your profile isn’t set to public, only those people can post on your wall who you have added in your friends list. a self-titled Palestinian security expert, Khalil Shreateh, says that he discovered an exploit in Facebook that would let anyone post on anyone’s wall. He says that the exploit was reported to Facebook through their bug reporting tool, but they didn’t pay any heed and said that his discovery was not a bug. Determined to raise awareness, Shreateh went ahead and posted on Facebook CEO Mark Zuckerberg‘s wall, who obviously did not have him on his friends list. Within minutes of posting, he was contacted by a security engineer.
He was asked for further details about this exploit, meanwhile his account was disabled possibly because a greater security risk might have been perceived. They’ve since fixed the exploit and enabled Shreateh’s account, but he’s not going to be paid for this disclosure. Like many companies, Facebook pays whitehat researchers for exploits and bugs that they report. The payout is at least $500. Shreateh is said to have violated Facebook’s terms of service, since he did use the exploit to post on someone’s wall without their consent. One could make the argument that had he not posted on Zuckerberg’s wall, the exploit may have been used to spread spam across the social network. Should Facebook decide to cut Shreateh some slack on this?
- 2014-04-14: Google Picks Up Titan Aerospace Before Facebook Can
- 2014-04-14: Facebook Reportedly Working On An E-Money Service
- 2014-04-10: Facebook Makes Improvements To Reduce News Feed Spam
- 2014-04-10: FTC Clears Facebook/WhatsApp Deal, Must Honor Privacy Obligations
- 2014-04-09: Facebook To Remove In-App Messaging, Forces Users To Download Messenger App
- 2014-03-09: Facebook F8 2014 Is On April 30th
- 2013-06-18: Facebook Discusses Potential Partnerships With Samsung
- 2013-04-08: Facebook Now Lets British Users Message Celebrities For A Charge
- 2012-07-26: Facebook CEO kicks off company's first earnings conference call
- 2012-07-24: Facebook CEO gets his first patent on privacy