After white hat researcher hacks Mark Zuckerberg’s timeline, Facebook vows to improve communication


Facebook CEO and Co-Founder Mark Zuckerberg loves building a hacker culture, but when his own timeline was hacked, things got a little serious.

White hat researcher Khalil Shreateh tried to get Facebook’s attention regarding a bug that would allow a hacker to post to anyone’s timeline, but didn’t get much of a response from the company. Facebook responded to Shreateh, saying that what he brought to their attention was not a bug. Feeling that his claims were falling on deaf ears, Shreateh went all out and hacked into Zuckerberg’s timeline.

Facebook responded, saying that the white hat program “failed” in its communication with Shreateh.

In a post on the Facebook Security blog, Facebook Chief Security Officer Joe Sullivan outlined changes that will happen as a result of the snafu:

We should have explained to this researcher that his initial messages to us did not give us enough detail to allow us to replicate the problem. The breakdown here was not about a language barrier or a lack of interest — it was purely because the absence of detail made it look like yet another misrouted user report. An example of the type of detailed report we encourage is the video this researcher released after the fact. Most researchers will provide that level of detail in their reports to us, and this is the type of granularity we need to investigate reports and, if they’re legitimate, reward the people who submitted them.

We will make two changes as a result of this case: (1) We will improve our email messaging to make sure we clearly articulate what we need to validate a bug, and (2) we will update our whitehat page with more information on the best ways to submit a bug report.

We will not change our practice of refusing to pay rewards to researchers who have tested vulnerabilities against real users. It is never acceptable to compromise the security or privacy of other people. In this case, the researcher could have sent a more detailed report (like the video he later published), and he could have used one of our test accounts to confirm the bug.

Image courtesy of Khalil Shreateh.
