Monday, 19 August 2013

Facebook Vulnerability.



In a hacker's daily life it is usual for him to get hold of important data files or discover new issues. A good home for hackers is Facebook - the most common social network. If someone finds a bug, he/she has the chance to submit it through the company's white hat disclosure program and get a reward.
A security researcher managed to find a security issue on Facebook and was determined to act on it. Khalil Shreateh from Yatta-Hebron, Palestine, had reported a bug to the Facebook bounty hunting service but was denied acknowledgement and cash payment because it was not a "bug".

That's the problem. Someone finds a bug and reports it, but in turn gets ignored.

This is when the Palestinian hacker took advantage of the same bug he was trying to report and chose to report it directly on Facebook founder Mark Zuckerberg's Timeline.

He first reported the vulnerability via email to the bug bounty program. The social network, however, failed to recognize the vulnerability in his report.



Original post from Khalil's blog.
 

 
Before reporting the bug, Shreateh successfully tested it by posting on the Timeline of Sarah Goodin, Mark Zuckerberg's former college classmate. Khalil included a link to this post in the email, but the Facebook security employee who received the email - identified as Emrakul - couldn't see the post, since he wasn't friends with Goodin.


 
 
 
That's what Shreateh tried to explain to Emrakul in a second email. He warned he could post on Mark Zuckerberg's Timeline but wouldn't "cause I do respect people privacy." His second email was ignored.


Khalil once again reported the bug, explaining it in detail, to which the reply was



Finally losing patience, Khalil decided to report the bug directly to Mark Zuckerberg's Timeline.







This post got the attention of another Facebook engineer, Ola Okelola, who commented on the post, asking for more information on the bug. After a brief discussion, Shreateh's Facebook account got suspended "as a precaution," as another Facebook security engineer named Joshua explained to Shreateh by email.




By posting on Zuckerberg's wall, Shreateh also violated Facebook's responsible disclosure policy, which prohibits people who discover bugs from taking advantage of them and demonstrating the bugs on people's accounts without their permission. Shreateh won't be rewarded for his finding, because he violated the disclosure policy. Take a look at the video which shows how he took advantage of the bug.

"The more important issue here is with how the bug was demonstrated using the accounts of real people without their permission. Exploiting bugs to impact real users is not acceptable behavior for a white hat. We allow researchers to create test accounts here to help facilitate responsible research and testing. In this case, the researcher used the bug he discovered to post on the timelines of multiple users without their consent," explained Matt Jones of Facebook. Facebook declined to comment further. Besides, the bug was fixed, according to Jones.


Note: This post has been updated with the help of Khalil Shreateh's blog post and Mashable's report.

Wednesday, 7 August 2013

Burka Avenger!


The new talk in town is about something, someone who hasn't hit the TV screens yet. But look at the media already rolling their cameras!

I am so thrilled to announce the pride I have after learning about Pakistan's first animated television series about a girl who uses books and pens as her weapons. These, I, Malala Yousafzai and many others agree, are the strongest weapons to remove the worst of evil. Oh no, she's not settling until the bad side is ready to accept defeat.

"Burka Avenger" is a project of Pakistani pop star Haroon. "It was in 2010 and I was reading a lot of articles about girls' schools being shut down by extremists so that was in my mind. Living in Pakistan, all these issues are staring you in the face constantly. So when you're creating art, whether it be music or anything else like a cartoon TV series - you want to incorporate social messages. I feel it's my duty to try and make a positive difference. The Burka Avenger is a character called Jiya, orphaned as a child, adopted by a Kabbadi master, who is a master of this mystic martial art that I created, called Takht Kabbadi - the art of fighting with books and pens. It gives the message of the importance of education and that the pen is mightier than the sword," Haroon says.


Burka Avenger is not just another TV series hosted to brag about its success as an entertainment cartoon but a perspective of a real, strong woman who is firm in her belief. The belief being "education is the key to success." The Burka Avenger proves to be a better role model for girls than any other Disney princess who needs a prince charming or a funky costume.



Burka Avenger emphasizes the importance of education - how it provides a reason for almost every bad situation that can be figured out. It's not only a form of opposition against the Taliban's campaign to boycott education for girls and impose oppression, but also encourages children to take an interest in studies. Burka Avenger has led the fight against those who hold back a nation from success. She proves education is what corrupt people fear. They fear that women who could be so easily ruled over might reject their obligations.

Furthermore, this Avenger has one of the finest costumes! It portrays the real reason behind Muslim women wearing the abaya or hijab. It's not a form of oppression but a form of protection & power. Muslim women view it as a right and not a burden. Her costume is a symbol of piety and it can be interpreted as a sign of great inner strength and fortitude. Burka Avenger uses it to conceal her identity. Not only is it modest dress, but it also helps her fly!

If you’re waiting for a reason to convince you that “Burka Avenger” is safe and worth the time for a child to spend watching, here you go. There is no guy who has to make her feel special! There is no prince charming who needs to motivate Burka Avenger to remain firm on her campaign! This is a relief as it’s not one of those animated movies that end up with the prince and princess living “happily ever after”. There is no one who can suck the power out of Burka Avenger.

With its success, the minds of both children and parents, especially in the villages, are reviving in terms of the not-so-good literacy rate in Pakistan. A hearty congratulations to the Burka Avenger team on the accomplishment of their aims!

P.S. The "Lady In Black" theme song by Pakistani rap star Adil Omar featuring pop-rock icon Haroon is a success in itself! Check it out on Facebook!