Newsletters
News & Information for Technology Purchasers NewsFactor Sites:       NewsFactor.com     Enterprise Security Today     CRM Daily     Business Report     Sci-Tech Today  
   
This ad will display for the next 20 seconds. Click for more information, or
Home Enterprise I.T. Cloud Computing Applications Hardware More Topics...
GET RECOGNIZED.
Let an ISACA® certification
elevate your career.

Register today and save
World Wide Web
Gartner's #1 for endpoint backup
Average Rating:
Rate this article:  
West Bank Man Hacks Zuckerberg's Facebook Page

West Bank Man Hacks Zuckerberg's Facebook Page
By Adam Dickter

Share
Share on Facebook Share on Twitter Share on Linkedin Share on Google Plus

Facebook is in a tough position with the volume of reports it gets, but if you want to serve as 1 billion people's social life, you need to invest in appropriate security staffing levels. Facebook likes to compare itself to a nation-state, so a national defense is an important investment. Perhaps one it should take more seriously.
 


Mark Zuckerberg surely did not click the like button after a status on the social media king's Facebook page last week warned him, in undeniable fashion, of a security vulnerability.

Using only a dilapidated laptop at his home in the Palestinian territories, Khalil Shreateh figured out a vulnerability, which he has not publicly disclosed, that allows any Facebook user to post a message on anyone else's page without his permission, CNN reported.

Facebook said it wanted to investigate the flaw -- which could allow millions of Facebook users to freely advertise products or services, or just cause mayhem with people who have not accepted their friend requests -- but it did not have enough information.

Try And Try Again

Shreateh, who lives near Hebron and is looking for a computer-related job, insists he tried to warn Facebook's security division, to no avail, forcing him to unleash the attention-getting stunt.

Shreateh wrote about the exploit in a blog post and made a YouTube video about it. On the blog he included an exchange of emails, including a link to a post he said he made on the page of Sarah Goodin, a Harvard classmate of Zuckerberg's. The supposed response from Facebook was that the link he sent didn't work.

After a second attempt, he then did the same to Zuckerberg's page, he said.

The illicit message, which did not appear on Zuckerberg's page when we checked on Monday afternoon reads: "First sorry for breaking your privacy and post to your wall . . . I [had] no other choice to make after all the reports I made to Facebook team." Numerous websites captured images of the post before it was taken down.

Shreateh also posted an Enrique Iglesias music video to make his point. Although Facebook offers cash rewards for reports of legitimate vulnerabilities, unauthorized postings violate the company's terms of service, so Shreateh won't be getting any cash. Instead, his account was suspended, but later reinstated.

In fairness, Facebook's security team likely gets more security reports than it can quickly handle given its massive user base of around 1 billion accounts worldwide. But the easy hack creates the perception that the tech giant is more focused on ways to monetize the site to boost its unstable stock price than on beefing up security for users.

"Facebook is in a tough position with the volume of reports they get, but if you want to serve as 1 billion people's social life, you need to invest in appropriate security staffing levels," Chester Wisniewski, a senior analyst at the global cybersecurity firm Sophos told us.

"They like to compare themselves to a nation-state, so a national defense is an important investment," he said. "Perhaps one they should take more seriously."

In response to our emailed request for comment, Facebook spokesman Fred Wolens referred us to a post in a Hacker News forum by MK Jones, who works on a Facebook security team that investigates bug reports under the White Hat program.

Needed More Info

"[W]e get hundreds of reports every day," Jones said. "Many of our best reports come from people whose English isn't great -- though this can be challenging, it's something we work with just fine and we have paid out over $1 million to hundreds of reporters."

Though he said the information was sketchy Jones said, "We should have pushed back asking for more details here." He added that testing bugs with other people's accounts is a serious no-no, and that Facebook provides a way to create test accounts to show flaws "to help facilitate responsible research and testing."
 

Tell Us What You Think
Comment:

Name:



Get Powerful App Acceleration with Cisco. In a world where time is money, you need to accelerate the speed at which data moves through your data center. Cisco UCS Invicta delivers powerful, easy-to-manage application acceleration for data-intensive workloads. So you can make decisions faster and outpace the competition. Learn More.


 World Wide Web
1.   Twitter May Remove Pics of Deceased
2.   Google IPO Began Decade of Big Bets
3.   Assange Talks of Leaving Embassy
4.   Russian Hacker To Be Held Until Trial
5.   Online Sites vs. Retailing in India


advertisement
OkCupid Experiments with Daters
Unethical without user consent?
Average Rating:
Twitter May Remove Pics of Deceased
Balancing privacy and public interest.
Average Rating:
Online Retailers Ponder Actual Stores
'Click-and-mortar' shops popping up.
Average Rating:


advertisement
Product Information and Resources for Technology You Can Use To Boost Your Business

Network Security Spotlight
Cost of Target Data Breach: $148 Million Plus Loss of Trust
The now infamous Target data breach is still costing the company -- and its shareholders -- plenty. In fact, the retailing giant forecast the December 2013 incident cost shareholders $148 million.
 
Aruba Networks Handles Black Hat with Aplomb
It's not an easy job. Aruba Networks' task throughout the Black Hat USA conference in Las Vegas this month was to ensure thousands of attendees could connect without malicious attacks.
 
Chinese Hackers Nab Info on Millions of U.S. Patients
A group of Chinese hackers has stolen the personal information, including names and Social Security numbers, of about 4.5 million patients at hospitals operated by Community Health Systems.
 

Enterprise Hardware Spotlight
Three New Lenovo PCs Aimed at Business Users
Businesses everywhere want computing solutions that do more for less money, and Lenovo has unveiled three new desktop PCs that offer solid computing at a budget-minded price.
 
Aruba Networks Handles Black Hat with Aplomb
It's not an easy job. Aruba Networks' task throughout the Black Hat USA conference in Las Vegas this month was to ensure thousands of attendees could connect without malicious attacks.
 
Compression, Deduplication Come to Violin Concerto 2200
Violin Memory has announced that data deduplication and compression capabilities are now available on its Concerto 2200 solution. Typically, users will experience deduplication rates between 6:1 and 10:1.
 

Mobile Technology Spotlight
Apple Stock Soars Ahead of iPhone 6 Launch
The imminent release of the iPhone 6 -- and maybe even an iWatch -- has sent Apple's stock soaring to new heights. Considering what else the firm could have up its sleeve -- the stratosphere may be the limit.
 
HTC Debuts Windows Phone Version of One M8 Smartphone
HTC is bringing the Windows Phone mobile OS to its flagship One M8 device -- the first time any mainstream flagship smartphone has been offered with a choice of operating systems.
 
Verizon Earns Top Rating in Mobile Network Comparison
A new report says Verizon Wireless was the top-performing U.S. cellphone service provider in the first half of 2014, on a nationwide and state-by-state basis, as well as in metro areas.
 

Navigation
NewsFactor Network
Home/Top News | Enterprise I.T. | Cloud Computing | Applications | Hardware | Mobile Tech | Big Data | Communications
World Wide Web | Network Security | Data Storage | CRM Systems | Microsoft/Windows | Apple/Mac | Linux/Open Source | Personal Tech
Press Releases
NewsFactor Network Enterprise I.T. Sites
NewsFactor Technology News | Enterprise Security Today | CRM Daily

NewsFactor Business and Innovation Sites
Sci-Tech Today | NewsFactor Business Report

NewsFactor Services
FreeNewsFeed | Free Newsletters

About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.