Information Security News mailing list archives

Security Community Raises Money for Researcher Snubbed by Facebook Bounty Program


From: InfoSec News <alerts () infosecnews org>
Date: Tue, 20 Aug 2013 05:19:28 +0000 (UTC)

http://www.wired.com/threatlevel/2013/08/researcher-denied-facebook-bounty/

By Kim Zetter
Threat Level
Wired.com
08.19.13

Now that Facebook has refused to pay a Palestinian security researcher the bug bounty he hoped to earn for reporting a problem with its service, a top security researcher has launched a campaign to pay him the money Facebook denied him.

The campaign, launched by security pro Marc Maiffret, has raised $6,030 for Khalil Shreateh thus far, more than ten times the amount that Facebook’s bug bounty program pays out for bugs of this sort.

Shreateh, a Palestinian researcher, got attention last week when he "hacked" the Facebook page of Facebook founder Mark Zuckerberg after the company's security team gave him the brush off for a security flaw he reported. The bug would have allowed anyone, including spammers and scammers, to post messages to another user’s account, even if the person is not on the user’s Friends list.

"That would be an extremely valuable bug," says Maiffret. "There’s so many ways to leverage that in cybercrime attacks."

[...]
