You have reached your limit of free articles this month.

Enjoy unlimited access to

Starting at just 99¢ for 8 weeks.


  • ePAPER

You have read of premium articles.

Get unlimited access to all of our breaking news, in-depth coverage and interactive features. Starting at just 99c for 8 weeks.


Welcome to

Your source for Clark and Champaign counties’ hometown news. All readers have free access to a limited number of stories every month.

If you are a News-Sun subscriber, please take a moment to login for unlimited access.

Hacker posts on Zuckerberg's Facebook wall

One IT expert took drastic measures to report a bug to Facebook’s security team.

A Palestine-based Facebook user, who goes by Khalil, says he discovered a bug through which someone can post to any other Facebook user’s wall, at any time. This bypasses any security restrictions the user has set up. (Via YouTube / SmartKhalil)

Khalil reported the bug through Facebook’s built-in white-hat security reporting tool. The company often distributes bounties for legitimate security concerns.

But on his website, Khalil posted an email conversation with Facebook’s security team, who repeatedly told him his find wasn’t a bug. (Via

So Khalil went straight to the top. He used the very vulnerability he was trying to report to post an explanation on Mark Zuckerberg’s wall. (Via The Verge)

Very quickly after that, Facebook security got back in touch, requesting details on the hack. Khalil’s Facebook account was disabled in the meantime as a precaution.

RT reports Facebook eventually agreed this was an exploit that would need patching — but Khalil wouldn’t be compensated “because his actions violated the website’s security terms of service.”

“[Facebook] sets a number of rules that security analysts should follow in order to be eligible for a cash reward. Facebook did not specify which of the rules Khalil had broken.” (Via RT)

A member of Facebook’s security team posted on Hacker News to clarify — Facebook will only compensate white hats if they “make a good faith effort to avoid privacy violations.” Posting straight to the CEO’s wall is a disqualification.

So no payout for Khalil, but his account has been reinstated, and Facebook says it hopes he will continue to report security vulnerabilities through the appropriate channels. The cross-wall posting trick has been patched as of Thursday. 

See more at

Reader Comments ...

Next Up in News

Captured: Fugitive wanted in death of Orlando Master Sgt. Debra Clayton
Captured: Fugitive wanted in death of Orlando Master Sgt. Debra Clayton

Markeith Loyd, the man wanted in connection with the shooting death of MAster Sgt. Debra Clayton, has been caught.   JUST IN: Here's accused police sergeant killer, Markeith Loyd, being taken into custody at the Orlando Police Department. by WFTV Channel 9 on Tuesday, January 17, 2017 Earlier, Orlando police...
How roller-coaster temps affect your health 
How roller-coaster temps affect your health 

Temperatures have been on a dramatic swing for much of January.  We started the month with temperatures nearly 15 degrees above normal before falling to the coolest daily high temperature for January 6th when the temperature only reached 10 degrees.  We dipped below zero on the morning of January 7th. But just 5 days later, temperatures soared...
Wells Fargo rejects 'offensive and antisocial' Black Lives Matter debit card
Wells Fargo rejects 'offensive and antisocial' Black Lives Matter debit card

A schoolteacher in Baltimore, Maryland, says her submission of a personalized Wells Fargo debit card that contained the message "Black Lives Matter" was rejected for being "offensive and antisocial." The Washington Post reported that Rachel Nash, who is white, came up with the idea for the card out of frustration and wanted to use...
Clark County teen charged after alleged school threats
Clark County teen charged after alleged school threats

A Springfield teen is expected to appear in Clark County Municipal Court on Wednesday after he was accused of texting a series of alleged threats that led district officials to lock down Northwestern High School last month. Brandon C. Bowen, 18, of North Hampton, has been charged with inducing panic in connection with the incident, according to municipal...
Clark County expert urges parents to talk about suicide
Clark County expert urges parents to talk about suicide

A local psychologist says parents should talk to their children after public suicide attempts, like a recent Clark County teen who allegedly streamed her attempt to kill herself live on Facebook. Clark County sheriff’s deputies and Moorefield Twp. EMS responded to a 9-1-1 call on Monday from a friend of the teen who said he had seen her live...
More Stories