Mark Zuckerberg got his Facebook wall hacked today, in a move that surprised and embarrassed the company. Now if only somebody could do this to Google. Here is how the Telegraph reported it:
Khalil Shreateh, a systems information expert from Palestine, attempted to report the vulnerability to Facebook’s security team twice, demonstrating that the glitch was real by posting an Enrique Iglesias video on the wall of one of Zuckerberg’s college friends, Sarah Goodin, with whom he was not connected.
However, Facebook dismissed his warnings, claiming that the issue “was not a bug”, as only Goodin’s friends were able to see the post on her wall. Frustrated, Shreateh decided to use the glitch to hack into Mark Zuckerberg’s profile page. In a post which has since been removed, he apologised for breaking Zuckerberg’s privacy, adding: “I had no other choice… after all the reports I sent to Facebook team”.
In less than a minute, Shreateh’s Facebook account was suspended and he was contacted by a Facebook security engineer requesting all the details of the exploit.
“Unfortunately your report to our Whitehat system did not have enough technical information for us to take action on it,” the engineer wrote in an email. “We cannot respond to reports which do not contain enough detail to allow us to reproduce an issue.”
Facebook has a policy that it will pay a minimum $500 bounty for any security flaws that a hacker finds. However, the company has refused to pay Shreateh for discovering the vulnerability because his actions violated Facebook’s Terms of Service.
In a Hacker News thread, Matt Jones from Facebook’s security team confirmed that the bug has now been fixed, admitting that the company should have asked for more details after Shreateh’s initial report. “We get hundreds of reports every day. Many of our best reports come from people whose English isn’t great – though this can be challenging, it’s something we work with just fine and we have paid out over $1 million to hundreds of reporters,” he said.
“However, many of the reports we get are nonsense or misguided, and even those (if you enter a password then view-source, you can access the password! When you submit a password, it’s sent in the clear over HTTPS!) provide some modicum of reproduction instructions.
Friday, August 23, 2013
MARK ZUCKERBERG GETS HIS FACEBOOK PROFILE HACKED