Snubbed by Facebook, Security Researcher Hacks Zuckerberg's Page

Status
Not open for further replies.

dalethepcman

"Top Facebook hacker Nir Goldshlager, who's received many Facebook bug bounties, lives right over the border in Israel."

Uhh... yeah, because Palestinians and Israelites are historically known for getting along great...

That was sarcasm, by the way.

On topic, this guy really should have given Facebook more than 2 days to deal with this.
 

bin1127

I think he handled it pretty well. He didn't hack Zuckerberg's page and delete everything, replacing his profile pic with fail.gif. He posted a very straightforward message stating the exact nature of the exploit.

They shouldn't snuff the only guy that actually cares about Facebook's security. Either pay him or deduct $5000 from the guy who ignored his warning.
 

mman74

No. Pay him and it's open season on reporting exploits. They are quite right. I think, from his English and the fact that he couldn't even link his own proof, I am not going to vilify the guy that turned down his email.
Still, all credit to him for finding such an exploit. I don't think, however, the vulnerability extended to allowing him to delete all of Mr. Zuckerberg's posts.
 

axefire0

Facebook should investigate why his bug report was ignored or dismissed. There may have been racial discrimination, the bug reporter being a Palestinian.
 

rwinches

A lot of comprehension errors here.
The security guy blew it when he clicked on the link without using his authority to view the page. If you click on the page without being a friend, as he clearly stated, it would not work. Duh.
He did not delete anything on Zuck's page.
@mman74 Did you bother to read the article? FB pays for bug reports.

FB sec is about as good as Geek Squad.
Pay the man, he needs the money, he chose to do the right thing.
 

razor512

That is complete disrespect. He should release the exploit before they can patch it. Or sell the next few exploits.

If I ran a company that had a security policy of paying people to report exploits and a worker did this to someone attempting to report a security issue, I would fire them on the spot, and depending on how pissed off I was, I would sue them for trying to destroy the company.
 

ddpruitt

For those who REFUSE to read anything other than the mangled version of this story on Tom's: he DID report the bug to Facebook several times and was ignored. It was only after being IGNORED several times that he hacked Zuckerberg's page (good riddance). The "We didn't understand you" excuse only came out AFTER Facebook refused to pay the bounty on the bug and there was a backlash.

This whole other security researcher is just in there to throw gas on the fire and has absolutely NOTHING to do with what actually happened.
 

Pherule

Since quotes don't work with this retarded new comment system, I'll manually quote:

"This guy really should have given facebook more than 2 days to deal with this."
No, he should not have. How long does it take to fix a reproducible bug like this? 2 weeks? FB would need to fire their security coders if it took that long. The ridiculous length of time for bug fixing is the same reason Microsoft's products are so well known for being insecure.
 