Khalil Shreateh could receive up to US$10,000 as a reward after exposing a Facebook flaw which allows strangers to access personal pages, despite him being denied the usual US$500 payment by the social network itself.
Security experts and hackers from around the world, led by Marc Maiffret, chief technology officer of cyber security firm BeyondTrust, have set up an online compensation fund to reward the computer expert who hacked Mark Zuckerberg’s facebook page.
Shreateh was denied the cash by Facebook for allegedly violating its set terms and conditions for qualifying programmers who discover such flaws.
The hacker should also have interacted and asked the consent of Zuckerberg before posting on his page, further leading to his ejection from Facebook.
“He is sitting there in Palestine doing this research on a five-year-old laptop that looks like it is half broken,” Reuters reported Maiffret as saying. “It’s something that might help him out in a big way.”
Matt Jones, a Facebook security engineer, posted on the forum on Hacker News: “In order to qualify for a payout you must ‘make a good faith effort to avoid privacy violations’ and ‘use a test account instead of a real account when investigating bugs’.
“When you are unable to reproduce a bug with a test account, it is acceptable to use a real account, except for automated testing. Do not interact with other accounts without the consent of their owners.”
