×
NewsDay

AMH is an independent media house free from political ties or outside influence. We have four newspapers: The Zimbabwe Independent, a business weekly published every Friday, The Standard, a weekly published every Sunday, and Southern and NewsDay, our daily newspapers. Each has an online edition.

  • Marketing
  • Digital Marketing Manager: tmutambara@alphamedia.co.zw
  • Tel: (04) 771722/3
  • Online Advertising
  • Digital@alphamedia.co.zw
  • Web Development
  • jmanyenyere@alphamedia.co.zw

Facebook founder Zuckerberg hacked to highlight bug

News
A Palestinian programmer has highlighted a flaw in Facebook’s security system by posting a message on Mark Zuckerberg’s private page.

A Palestinian programmer has highlighted a flaw in Facebook’s security system by posting a message on Mark Zuckerberg’s private page.

BBC News Online

Khalil Shreateh used a vulnerability he discovered to hack the account of the Facebook founder and raise the alarm.

Mr Shreateh said he had tried to use Facebook’s White Hat scheme, which offers a monetary reward for reporting vulnerabilities, but had been ignored.

Facebook said it had fixed the fault but not would be paying Mr Shreateh.

Mr Shreateh found a security breach that allowed Facebook users to post messages on the private “walls” of people who had not approved them as “friends”, overriding the site’s privacy features.

‘Not a bug’

He wrote to Facebook’s White Hat team to warn them of the glitch, providing basic details of his discovery.

After a short exchange with the team, Mr Shreateh received an email saying: “I am sorry this is not a bug”.

Following this rebuttal, Mr Shreateh exploited the bug to post a message on Mr Zuckerberg’s page.

In the post, Mr Shreateh, whose first language is Arabic, said he was “sorry for breaking your privacy and post to your wall” but that he had “no other choice” after being ignored by Facebook’s security team.

An engineer on Facebook’s security team, Matt Jones, posted a public explanation saying that although Mr Shreateh’s original email should have been followed up, the way he had reported the bug had violated the site’s “responsible disclosure policy”.

He added that as Mr Shreateh had highlighted the bug “using the accounts of real people without their permission”, he would not qualify for a payout.