Wellington: In order to prove that social media giant Facebook has a security flaw that can allow people to post on someone’s wall without being in their friends’ list, a security researcher went a step ahead to prove his point and posted about the bug on the CEO’s wall.
Khalil Shreateh from Palestine initially tried to report the bug to Facebook’s security team before posting something to Sarah Goodin’s wall, a friend of Facebook CEO Mark Zuckerberg but he was not taken seriously till then.
Shreateh then used the bug and posted a message on Zuckerberg’s wall and explained the flaw which prompted immediate action and within minutes, the site’s security engineer contacted him and asked for the details.
Facebook has a bounty program where it pays people to report bugs instead of using them maliciously but it did not pay the $US 500+ fee amount to Shreateh because they said he violated the site’s terms of service, although, they asked him to continue to help them find bugs.
The site’s security team then later confirmed that the bug had been fixed and added that bounty was denied because Shreateh did not include enough technical information when he tried to report the bug, the report added.