After white hat researcher hacks Mark Zuckerberg’s timeline, Facebook vows to improve communication


Facebook CEO and Co-Founder Mark Zuckerberg loves building a hacker culture, but when his own timeline was hacked, things got a little serious.

White hat researcher Khalil Shreateh tried to get Facebook’s attention regarding a bug that would allow a hacker to post to anyone’s timeline, but didn’t get much of a response from the company. Facebook responded to Shreateh, saying that what he brought to their attention was not a bug. Feeling that his claims were falling on deaf ears, Shreateh went all out and hacked into Zuckerberg’s timeline.

Facebook responded, saying that the white hat program “failed” in its communication with Shreateh.

In a post on the Facebook Security blog, Facebook Chief Security Officer Joe Sullivan outlined changes that will happen as a result of the snafu:

We should have explained to this researcher that his initial messages to us did not give us enough detail to allow us to replicate the problem. The breakdown here was not about a language barrier or a lack of interest — it was purely because the absence of detail made it look like yet another misrouted user report. An example of the type of detailed report we encourage is the video this researcher released after the fact. Most researchers will provide that level of detail in their reports to us, and this is the type of granularity we need to investigate reports and, if they’re legitimate, reward the people who submitted them.

We will make two changes as a result of this case: (1) We will improve our email messaging to make sure we clearly articulate what we need to validate a bug, and (2) we will update our whitehat page with more information on the best ways to submit a bug report.

We will not change our practice of refusing to pay rewards to researchers who have tested vulnerabilities against real users. It is never acceptable to compromise the security or privacy of other people. In this case, the researcher could have sent a more detailed report (like the video he later published), and he could have used one of our test accounts to confirm the bug.

Image courtesy of Khalil Shreateh.
