Zinging Zuckerberg

Here’s an example of ethical hacking in action. A Palestinian programmer demonstrated a security flaw in Facebook by posting on Facebook founder Mark Zuckerberg’s wall. He did this after being initially rebuffed by Facebook’s official security engineers, who claimed what the programmer had discovered was not a bug. Sure enough, once the hacker’s post made it onto Zuckerberg’s private page, Facebook’s security team sprang into action, asking him for more details about the flaw so that they could fix it. The problem has since been patched.

Like other huge Internet companies such as Google and PayPal, Facebook has a “white-hat program” that encourages security researchers to submit security flaws to the company. As long as a researcher submits a bug to Facebook instead of disclosing it first to the public, he or she is eligible for a reward. The reward can be rather sizable, depending on the severity of the discovered vulnerability. These kinds of programs have helped Internet behemoths significantly improve the quality and security of the services they provide, because they’ve essentially crowdsourced the quality assurance job to their worldwide community of users.

In a somewhat humorous turn of events, Facebook is playing Scrooge in this case, refusing to pay the programmer his bounty because he violated Facebook’s rules by posting on private pages. Talk about Facebook drama! The Zucksters are coming across like pop divas throwing a fit because there wasn’t the correct ratio of green to purple grapes in the backstage snack tray. Who knew the Altar of Narcissism doubled as the Friary of Fastidiousness?

The fact is, this guy did a tremendous service for Facebook, as do all of the white-hat (i.e. good-guy) hackers who participate in these kinds of programs. Crowdsourcing is an innovative and impactful way to improve the security of cyberspace. If there were a Crowdsourced Security fan page on Facebook, I’d “Like” it.


About Ray Klump

Associate Dean, College of Aviation, Science, and Technology at Lewis University. Director, Master of Science in Information Security, Lewis University: http://online.lewisu.edu/ms-information-security.asp, http://online.lewisu.edu/resource/engineering-technology/articles.asp, http://cs.lewisu.edu. You can find him on Google+.

