A Palestinian security researcher has exposed one of the vulnerabilities Facebook was carrying. The researcher, who calls himself Khalil, reported that any person on Facebook can post on anyone’s wall, even on the walls of people who are not in their friend list. This is a serious vulnerability, but Facebook security, in response to Khalil’s initial mail, said “Sorry, it’s not a bug”.
In his mail, Khalil fully described how this bug was harmful. He gave a link to Zuckerberg’s college friend, with a post made to that friend’s wall even though he was not in the friend’s friend list. He sent this mail via the Facebook feedback page, which offers a $500 reward for each bug found on the site.
According to Khalil’s official blog, after getting a disappointing response from the Facebook security team, Khalil decided to post the matter directly to Mark Zuckerberg’s page. In his post he described the bug in detail, along with the negative response from Facebook’s security team. A few minutes after the post was on the wall, one of Facebook’s engineers contacted Khalil and asked him for all the details regarding the vulnerability.
After receiving the details from Khalil, they blocked the account and fixed the vulnerability. However, he didn’t receive any reward from Facebook, as the reward requires certain rules to be followed and Khalil had breached Facebook’s privacy and security terms.