Topic: Hacker Posts About FB Flaw to Zuckerberg's Wall (gets way worse)

Renegade

This is funny!

http://rt.com/news/f...cker-zuckerberg-621/

Quote
A Palestinian information system expert says he was forced to post a bug report on Mark Zuckerberg’s Facebook page after the social network’s security team failed to recognize that a critical vulnerability he found allows anyone to post on someone's wall.

The vulnerability, which was reported by a man calling himself ‘Khalil,’ allows any Facebook user to post anything on the walls of other users - even when those users are not included in their list of friends. He reported the vulnerability through Facebook’s security feedback page, which offered a minimum reward of US$500 for each real security bug report.

...

After receiving the third bug report, a Facebook security engineer finally admitted the vulnerability but said that Khalil won’t be paid for reporting it because his actions violated the website’s security terms of service.

Summary:

  • Buddy reports bug to security team
  • Security team tells him to piss off
  • Posts to Zuckerberg's wall
  • Security team won't pay reward for bug that they refused to listen to

Just all around it's wonky. The part that I found the worst was the reward part. It's just really douchey.

This is exactly why security experts, instead of reporting bugs to companies, should just sell exploits to criminals. If companies won't act in good faith, why should any security experts?
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

TaoPhoenix

Re: Hacker Posts About FB Flaw to Zuckerberg's Wall (gets way worse)
« Reply #1 on: August 18, 2013, 12:59:55 AM »

Does Zuckerberg Like this?

: )


Renegade

Re: Hacker Posts About FB Flaw to Zuckerberg's Wall (gets way worse)
« Reply #2 on: August 18, 2013, 01:44:54 AM »
Quote
Does Zuckerberg Like this?

: )

 :Thmbsup: Dunno, but I do! :D

40hz

Re: Hacker Posts About FB Flaw to Zuckerberg's Wall (gets way worse)
« Reply #3 on: August 18, 2013, 07:09:36 AM »
From my experience, NIH is invariably the default reaction of most large organizations to outside input. Even if such input is well intentioned - and requested by the organization itself - the knee-jerk tendency to circle the wagons and stonewall is just too ingrained. Because you're far less likely to be punished for inaction than you are for doing something, refusal to take action is often the smarter strategy in a corporate setting. Dilbert referred to this behavior as "Learned Helplessness."

Bug identification is much like whistleblowing. The very businesses encouraging you to "participate" usually prefer that you don't.

In management circles, such behavior is generally seen as an early indication an organization has passed its prime and started its decline.
« Last Edit: August 18, 2013, 07:23:34 AM by 40hz »

Stoic Joker

Re: Hacker Posts About FB Flaw to Zuckerberg's Wall (gets way worse)
« Reply #4 on: August 18, 2013, 08:11:46 AM »
Quote
This is exactly why security experts, instead of reporting bugs to companies, should just sell exploits to criminals. If companies won't act in good faith, why should any security experts?

That's been tried already ... The NSA screwed them too.

wraith808

Re: Hacker Posts About FB Flaw to Zuckerberg's Wall (gets way worse)
« Reply #5 on: August 18, 2013, 10:40:58 AM »
Quote
This is exactly why security experts, instead of reporting bugs to companies, should just sell exploits to criminals. If companies won't act in good faith, why should any security experts?

That's been tried already ... The NSA screwed them too.

 :huh: :tellme: oh no he didn't!  ;D

IainB

Re: Hacker Posts About FB Flaw to Zuckerberg's Wall (gets way worse)
« Reply #6 on: August 19, 2013, 08:41:21 AM »
40hz: ^^ wot you said. I suspect you have hit the nail on the head.