
A Palestinian white hat hacker named Khalil submitted bug reports to Facebook about a vulnerability that allowed him to post on just about anyone's wall. Facebook ignored him, so Khalil took matters into his own hands and wrote about it on Mark Zuckerberg's wall to get his attention.

He explains that he had submitted a full description of the bug, and follow-up proof of its existence, to the Facebook security feedback page. Researchers can win rewards of at least $500 for finding significant vulnerabilities.

When he submitted again, he got an email saying that this was not a bug.

Then he posted on Zuckerberg's wall, "First sorry for breaking your privacy and post to your wall , i has no other choice to make after all the reports i sent to Facebook team ." He then detailed the situation and provided links.

Minutes later, a Facebook engineer contacted Khalil for more information and blocked his account "as a precaution" while a security team fixed the bug. His account was re-enabled later, but Facebook says that he cannot claim a reward for the find because, in hacking Zuck's wall, he violated the social network's terms of service.

Facebook commented that "exploiting bugs to impact real users is not acceptable behavior for a white hat. In this case, the researcher used the bug he discovered to post on the timelines of multiple users without their consent."

So much for doing a good deed. Right? [Khalil, RT, The Verge]