# Bug Reporter Denied his Award after Reporting a Bug that could let you post on Zuckerberg's Wall



## readermaniax (Aug 19, 2013)

*1.bp.blogspot.com/-gSKafdOk0cQ/UhIXZHkUq6I/AAAAAAAAAzg/3g6Yi8YjmpA/s640/facebook_2_1.jpg​

*1.bp.blogspot.com/-7kwgyPs_UJY/UhIYCwOizyI/AAAAAAAAAzw/djbwgY8d1Zs/s200/Ashampoo_Snap_2013.08.12_02h52m42s_001_.jpgKhalil Shreateh, a self-professed IT expert from Palestine tried reporting a bug to Facebook which could let you post to anyone's 
wall even if you aren't on their friends list. He stated that he first tested the bug on Sarah Goodins and then he reported the Bug through the Facebooks Whitehat Disclosure Service. Facebook ignored it on the grounds saying that it wasn't a bug even after attaching a screenshot of the post in an e-mail to a Facebook engineer' Emrakul until Kahlil posted on Zuckerberg's wall. 


*4.bp.blogspot.com/-nDzHNRx_tc0/UhIXhLUbfvI/AAAAAAAAAzo/lXRbqUlSAlY/s640/zuckpost.jpgA screenshot of Khalil's Post on Zukerbergs wall.

Few minutes after the posting he got a comment on his picture from a Security Engineer Ola Okelola at Facebook asking him to send details of the Bug and was then taken seriously. Facebook banned his profile on the grounds of security and refused to give him the $500 award for reporting the bug. They said he breached the Terms of Service code of Facebook. 


*4.bp.blogspot.com/-7C-x1mycH_M/UhIYP14aw3I/AAAAAAAAAz4/EOXLDofTZ2o/s320/Ashampoo_Snap_2013.08.15_12h58m56s_006_.jpg​
If Facebook treats the people who report bugs like these why would they ever warn Facebookabout it and instead release it public which could earn them so much more. There could be discussions that Khalil's bad use of English made the people at Facebook take him less seriously at first but then, he did put his point across and that's what matters. 

A detailed post could be read at Khalil's Blog. Via Gizolo


----------



## Ricky (Aug 19, 2013)

Interesting but I remember once a $20K reward was given to find some bug / security hole to a person. May be he was just unlucky.


----------



## lywyre (Aug 19, 2013)

I am not surprised or shocked. But facebook would not bother about this. 
They are rolling like a blind juggernaut and someday - _hmmm I can only wish_ - they are going to get


----------



## Allu Azad (Aug 19, 2013)

lywyre said:


> They are rolling like a blind juggernaut and someday - _hmmm I can only wish_ - they are going to get



Let that day come soon


----------



## Hrishi (Aug 20, 2013)

When the Owner get's Owned.!!!
Btw , did you noticed his DP ?? I think it resembles Edward Snowden.


----------



## ¶§Ç (Aug 20, 2013)

Unlucky Guy....


----------



## rosemolr (Aug 20, 2013)

Actually i don't find a reason for facebook for not giving out 500$ for this chap...In fact they do encourage people who are finding flaws and bugs..But here the point is that there was a communication gap between the white hat hacker and facebook security team.Apparantly  he also posted to Zuckeberg's account too...They might have got embarrassed after getting this and showcased his activity as a violation of terms and conditions! Not to mention this is somewhat a punch in the face of Zuckerberg!!!!


----------



## lywyre (Aug 20, 2013)

^ That punch is definitely worth more than $500


----------



## amjath (Aug 20, 2013)

Bunch of scumbags


----------



## Santa Maria! (Aug 20, 2013)

If I understand right, after a communication gap, he broke the terms & conditions by using another person's account to exploit/demonstrate a bug.


----------



## rosemolr (Aug 20, 2013)

Of course it is worth more than 500$...On the darker side,I think their security team have underestimated the potential of this vulnerability.

It is just a matter of time to create an automated cross site script to attack the entire users in facebook and start spamming.The reality is that one doesn't need to be a friend to post on the victim's wall,which pretty much open FB's security door wide open to attackers...Not to mention if the vulnerability was revealed before it reached the right hand zuckerberg would have face big time in blocking punches from all over the places!!!

Anyways...This palestenian chap have become a celebrity among white hat hackers...C'mon it is a big deal to find a flaw in a close to perfect social networking site.

For the record,I still remember the days when orkut was take down by brazillian hackers with "bom Sabado" worm..even my account was affected and right away i ditched orkut too.


----------



## lywyre (Aug 20, 2013)

rosemolr said:


> .C'mon it is a big deal to find a flaw in a *close to perfect social networking site.*



I am not sure if you are serious or sarcastic


----------



## rosemolr (Aug 20, 2013)

lywyre said:


> I am not sure if you are serious or sarcastic



Like i said, *Close to perfect*.

I know that they do have bugs and Facebook for Android is the crappiest app I'm using on a daily basis.

Just in case if you are quoting Google + on your defense:

 Google + is good but seriously i cant find difference between my  membership in my Local Gym and Google + account!!!

I know i have account in both these places but i never used to visit these places.


----------



## lywyre (Aug 20, 2013)

rosemolr said:


> Just in case if you are quoting Google + on your defense:



Nope. I ain't defending and why should I? I am only critical of Facebook's privacy issues that are coming out every now and then. Yes, there are issues with other social networks too, but that doesn't take FB near perfection. 

P.S: I have ids on both networks though I don't frequent them.


----------



## theserpent (Aug 20, 2013)

Rishi. said:


> When the Owner get's Owned.!!!
> Btw , did you noticed his DP ?? *I think it resembles Edward Snowden*.



Yup I felt that too


----------



## readermaniax (Aug 20, 2013)

Santa Maria! said:


> If I understand right, after a communication gap, he broke the terms & conditions by using another person's account to exploit/demonstrate a bug.



He had to! the Security department at Facebook weren't really giving a F*** about this guy from Palestine


----------



## arsenalfan001 (Aug 21, 2013)

BTW, guys, any of you tried doing what he found out??


----------



## Hrishi (Aug 21, 2013)

arsenalfan001 said:


> BTW, guys, any of you tried doing what he found out??


Yeah !  , but seems like FaceBook team fixed it.


----------



## ¶§Ç (Aug 21, 2013)

There are only 2 websites are there in the world...

1. The One which is attacked by hackers
2. The Other One which is going to be Attacked By Hackers.

SO there is nothing Like Perfect Website... I used to called Perfect as a Perfect is S H I T


----------



## arsenalfan001 (Aug 21, 2013)

Rishi. said:


> Yeah !  , but seems like FaceBook team fixed it.


I tried yesterday, around 1am and it was working


----------



## warfreak (Aug 21, 2013)

Jew snubs a Palestinian... no surprises there  Let the zionist conspiracy theories begin 

On a serious note, Facebook is not selling you any product. *You are* the product being sold. 

If you don't like it then don't use it. It's as simple as that.


----------



## vijju6091 (Aug 22, 2013)

¶§Ç said:


> There are only 2 websites are there in the world...
> 
> 1. The One which is attacked by hackers
> 2. The Other One which is going to be Attacked By Hackers.
> ...


Thats very much true.


----------



## rakesh_ic (Aug 22, 2013)

arsenalfan001 said:


> I tried yesterday, around 1am and it was working



It was fixed on the dat when the guy demonstrated it on Mark's account.


----------



## Flash (Aug 22, 2013)

Ah!! I get it.. 
He's Palestinian!!


----------



## theserpent (Aug 22, 2013)

Lol he gets 12k$ Instead 
Security researcher Khalil Shreateh who hacked Facebook CEO Mark Zuckerberg's profile gets $12k | Information, Gadgets, Mobile Phones News & Reviews | News.com.au


----------



## ashis_lakra (Aug 22, 2013)

Gotta be kidding me !

He got way more than he bragged.


----------



## Flash (Aug 22, 2013)

..Happy ending..


----------

