Security community pays bounty for Facebook bug spot

A Palestinian researcher has been awarded a $10,000 bounty after spotting a vulnerability on Facebook that enabled users to post on the walls of people they were not friends with.

Khalil Shreateh managed to post content on Facebook founder Mark Zuckerberg's wall to prove his point – but the social networking site remained unconvinced.

The site got in touch with Mr Shreateh to find out how he managed to exploit the vulnerability, but explained that as he was in breach of terms and conditions, it would not be possible to grant him a bug bounty.

However, chief technology officer of BeyondTrust Marc Maiffret believed that his efforts were worth recognition and called upon members of the security community to contribute to a fund.

A number of groups made donations to the bounty, which has now exceeded the $10,000 goal.

Facebook's official bounty program asks that vulnerabilities not be tested using live accounts, but rather that a series of test accounts be set up and used away from the rest of the network.

Rewards are offered to individuals who discover problems with mobile application security and start from $500 – there is currently no maximum amount that will be paid out.
