
(Slothed)   Hacker reports bug to Facebook security that allows anyone to post to a user's wall. Facebook security tells him it's not a bug. Hacker posts bug to Mark Zuckerberg's wall. Now it's a bug   (slothed.com)
    More: Dumbass, Mark Zuckerberg, Facebook, bugs, Facebook security, Ugh!, walls  

7843 clicks; posted to Geek on 18 Aug 2013 at 4:16 PM



78 Comments
 
2013-08-18 12:58:41 PM
We are unfortunately not able to pay you for this vulnerability because your actions violated our Terms of Service. We do hope, however, that you continue to work with us to find vulnerabilities in the site

There's no way that could possibly backfire on these cheap assed four flushing chiselers.
 
2013-08-18 01:19:43 PM
Jeez, they can't even pay out $500?
 
2013-08-18 01:26:46 PM
Let's get this out of the way...

FARK YOU MARK ZUCKERBERG, YOU SLIMY PIECE OF SCHITT!!!

OK.  Now that that's done...


Marcus Aurelius: We are unfortunately not able to pay you for this vulnerability because your actions violated our Terms of Service. We do hope, however, that you continue to work with us to find vulnerabilities in the site

There's no way that could possibly backfire on these cheap assed four flushing chiselers.


No. Joke.  I cannot WAIT to see what this and other (former) white hats do to Zuck now.
 
2013-08-18 01:39:13 PM
Fark facebook.
 
2013-08-18 02:32:09 PM
Pay the guy, ya cheap bastards.
 
2013-08-18 03:24:35 PM
$500 would have saved them some annoyance.
 
2013-08-18 03:34:29 PM
No shiat...  pay the guy.  He tried to report it and your security people told him it's supposed to work that way.
 
2013-08-18 04:19:58 PM
There are actual humans who work for Facebook? I thought most of their coding work was done by a giant warehouse of chimpanzees with iPads.
 
2013-08-18 04:21:54 PM

labman: No shiat...  pay the guy.  He tried to report it and your security people told him it's supposed to work that way.


It was.  Right up until it wasn't.   Now if he discovered the bug now that it's not supposed to work that way, he'd get his bounty.  But he reported it when it was supposed to be that way so he doesn't.

Corporate thinking right there (i.e. brain dead and demanding purple crayola).
 
2013-08-18 04:27:43 PM

Marcus Aurelius: We are unfortunately not able to pay you for this vulnerability because your actions violated our Terms of Service. We do hope, however, that you continue to work with us to find vulnerabilities in the site

There's no way that could possibly backfire on these cheap assed four flushing chiselers.


Exactly. I read that and I was like...ahahaha, okaaaaaaaay. Nice life choices there, facebook.
 
2013-08-18 04:31:41 PM
Facebook = total bullsh*t. Zuckerberg = cheap bastard.
 
2013-08-18 04:36:31 PM
What the hell is $500 to Facebook?  What a bunch of complete assholes.
 
2013-08-18 04:40:58 PM
fark Facebook. I wouldn't mind seeing that social media sewage site get ripped apart by hackers.

Not that the sites I frequent are above being treated as such, either. Any social media site inevitably becomes a slurry of garbage that forsakes any of its founding principles in favor of increasing revenue, damning itself to being the exact same thing it claimed to hate for a decade.

...yes, I'm obviously talking about Digg.
 
2013-08-18 04:43:30 PM

Vaneshi: labman: No shiat...  pay the guy.  He tried to report it and your security people told him it's supposed to work that way.

It was.  Right up until it wasn't.   Now if he discovered the bug now that it's not supposed to work that way, he'd get his bounty.  But he reported it when it was supposed to be that way so he doesn't.

Corporate thinking right there (i.e. brain dead and demanding purple crayola).


Yeah, this sort of shiat is exactly what bureaucratic garbage and mindless legalese leads to. "Hey, thanks for pointing out this flaw that probably saved us a few hundred grand by letting us catch it before malicious people could really use it to wreck our shiat. But you didn't do it just right, so we're not going to give you the pittance we promised. Terms of service uber alles."
 
2013-08-18 04:45:23 PM
in America, it's only a problem if it bothers Billionaires.   we call that Democracy.
 
2013-08-18 04:46:08 PM

TeDDD: What the hell is $500 to Facebook?  What a bunch of complete assholes.



like most American companies, it's 500 bucks less than they had before.
 
2013-08-18 04:46:46 PM
it's not a bug it's a feature.  no, wait, yes it was
 
2013-08-18 05:02:09 PM
Being from Palestine didn't help the chap, Zuckerberg only speaks Californian.
 
2013-08-18 05:03:12 PM
I translated their letter to him from marketing bullshiat to normal speech:

"Because we are too incompetent and stupid to understand the simple and complete description of the bug you discovered, we are going to punish you for making us look bad."
 
2013-08-18 05:05:49 PM

OgreMagi: I translated their letter to him from marketing bullshiat to normal speech:

"Because we are too incompetent and stupid to understand the simple and complete description of the bug you discovered, we are going to punish you for making us look bad."


This is an accurate translation. Blocked account + no monies? Stay classy, Facebook.
 
2013-08-18 05:06:20 PM
I'm guessing that his original report wasn't able to be understood by the FB security team due to a language barrier or because the hacker didn't report it using what is considered a standard bug reporting format (or something silly like that). The idiots not getting back to him and asking for clarification and instead blowing him off just shows a complete lack of professionalism.

The guy's reporting a bug. You don't just mark the bug closed with "could not reproduce". Bug finders take that shiat personal!

/Professional QA Engineer
//Try to never report a bug without 100% reproducibility
///Sometimes it still gets blown off
 
2013-08-18 05:08:03 PM

JayCab: I'm guessing that his original report wasn't able to be understood by the FB security team due to a language barrier or because the hacker didn't report it using what is considered a standard bug reporting format (or something silly like that). The idiots not getting back to him and asking for clarification and instead blowing him off just shows a complete lack of professionalism.

The guy's reporting a bug. You don't just mark the bug closed with "could not reproduce". Bug finders take that shiat personal!

/Professional QA Engineer
//Try to never report a bug without 100% reproducibility
///Sometimes it still gets blown off


But I attached a screen shot of the bug!
 
2013-08-18 05:09:21 PM

JayCab: I'm guessing that his original report wasn't able to be understood by the FB security team due to a language barrier or because the hacker didn't report it using what is considered a standard bug reporting format (or something silly like that). The idiots not getting back to him and asking for clarification and instead blowing him off just shows a complete lack of professionalism.

The guy's reporting a bug. You don't just mark the bug closed with "could not reproduce". Bug finders take that shiat personal!

/Professional QA Engineer
//Try to never report a bug without 100% reproducibility
///Sometimes it still gets blown off


If I close an issue with "could not reproduce" after spending all of five minutes looking at the problem, my boss will give me a major ration of grief.  Can't reproduce it?  Ask the person reporting the problem for more information.  And spend more than five minutes on it, too!
 
2013-08-18 05:09:37 PM
stay classy zuck
 
2013-08-18 05:19:48 PM

fustanella: OgreMagi: I translated their letter to him from marketing bullshiat to normal speech:

"Because we are too incompetent and stupid to understand the simple and complete description of the bug you discovered, we are going to punish you for making us look bad. You think we got rich by writing a bunch of checks?  I suppose you also believe stores with a 'we will match anyone's price' policy actually match prices from other stores"

This is an accurate translation. Blocked account + no monies? Stay classy, Facebook.



/take his bug report, boys.
 
2013-08-18 05:43:58 PM
They probably get hundreds of phony "security" bug reports every day and make some poor intern sort through them all.
 
2013-08-18 05:56:41 PM

Linux_Yes: in America, it's only a problem if it bothers Billionaires.   we call that Democracy.


Or, in the case of Facebook, the Zuckerbergs.

Didn't (yet another) privacy update come out only after someone shared or copied a family photo from the Zuckerberg Thanksgiving dinner or something?
 
2013-08-18 06:02:42 PM
I'm not one to whip out the race card, but since Khalil is Palestinian and Zuckerberg is Jewish, you just gotta wonder.

/Puts on tinfoil yamaka.
 
2013-08-18 06:03:55 PM

theorellior: There are actual humans who work for Facebook? I thought most of their coding work was done by a giant warehouse of chimpanzees with iPads.


You're confused, that's the design team.
 
2013-08-18 06:05:21 PM

Benevolent Misanthrope: Let's get this out of the way...

FARK YOU MARK ZUCKERBERG, YOU SLIMY PIECE OF SCHITT!!!

OK.  Now that that's done...


Marcus Aurelius: We are unfortunately not able to pay you for this vulnerability because your actions violated our Terms of Service. We do hope, however, that you continue to work with us to find vulnerabilities in the site

There's no way that could possibly backfire on these cheap assed four flushing chiselers.

No. Joke.  I cannot WAIT to see what this and other (former) white hats do to Zuck now.


I hope they go nuts and really start screwing things up.
 
2013-08-18 06:27:28 PM
His sister is also a jerk.
 
2013-08-18 06:33:17 PM
clancifer: Jeez, they can't even pay out $500?


Dear Internet, please turn that story into rumors
"Their current numbers must be so bad that nobody can authorize $500 dollars to avoid bad PR and breaking their public promises.
Will they renege on YOUR money next?
Can you really trust their newly released "Facebook Payments" platform?
#Facebroke
"
and hope for karma to take a look at the stock price.
 
2013-08-18 06:49:04 PM
I hope anonymous farks with facebook.
 
2013-08-18 07:02:00 PM
Fark Zuckertwat.
 
2013-08-18 07:03:53 PM
Good job, assholes.

Someone should set up a kickstarter to collect the $500 this poor guy deserved.
 
2013-08-18 07:05:27 PM
I was under the impression that the guy "reporting" it gave no indication of how he did what he did (which is very unhelpful) and did it to unconsenting real users (a dick move). So I really don't see the problem with Facebook's actions here.
 
2013-08-18 07:17:30 PM

JayCab: /Professional QA Engineer


Dude, there's no such thing.  When the knives are out, you guys are the only group shoved out the door faster than R&D.
 
2013-08-18 07:26:58 PM

clancifer: Jeez, they can't even pay out $500?


They will if they don't want to suffer for it.
 
2013-08-18 07:39:53 PM
Despite crap like this, I still really enjoyed The Social Network.
 
2013-08-18 07:45:55 PM
Nope, still not signing up for FB.
 
2013-08-18 07:57:44 PM
Sorry, FB, you don't get to deny a bug's existence because the reporter's English skills aren't up to your exacting standards.

Your bug tracking system most likely has a selection for "Issue closed -- could not reproduce". It does NOT have a selection for "Issue closed -- could not be bothered to ask for enough information to reproduce". And it really, REALLY shouldn't have a selection for "Reopen issue and screw reporter".
 
2013-08-18 07:59:00 PM

dragonchild: JayCab: /Professional QA Engineer

Dude, there's no such thing.  When the knives are out, you guys are the only group shoved out the door faster than R&D.


Yeah, and it's a real treat to stick around those last few weeks between the time they fire the QAs and the time the company finishes imploding.
 
2013-08-18 09:17:58 PM

dragonchild: JayCab: /Professional QA Engineer

Dude, there's no such thing.  When the knives are out, you guys are the only group shoved out the door faster than R&D.


Yeah, I know.

/Just happened again last month.
 
2013-08-18 09:18:26 PM
I really hope he didn't send them any more information after they told him they weren't paying...
 
2013-08-18 09:45:15 PM
He'll get over it.
 
2013-08-18 09:51:02 PM
I heard they're already bulldozing his FarmVille plots.
 
2013-08-18 09:51:51 PM
It's nice to know I'm not the only person not on Facebook. I've been closeted on this for the longest time.
 
2013-08-18 10:16:43 PM
Facebook will be history in 5 years.
 
2013-08-18 10:16:57 PM

TeDDD: What the hell is $500 to Facebook?  What a bunch of complete assholes.


$500 is nothing to Facebook but to whatever middle manager is in charge of whatever department is responsible for the reward program, it's probably a lot of money from his/her budget. This happens all the time in big companies where some cubicle drone makes a decision that saves their department a few bucks but ends up costing the company a huge amount in either bad PR or lawsuits. I'm sure the top people at Facebook would have been more than happy to take $500 out of their own personal bank accounts to keep this quiet if they knew about it. But since it was the responsibility of some random cog buried deep in the machine, it got handled poorly. Whoever decided it wasn't a bug and to brush the guy off is probably updating their resume.
 
2013-08-18 10:24:49 PM
he could have done considerable damage to Facebook on his own, or sold the info to someone else. at least with the press he is getting now, he could get a decent job out of this.

perhaps Facebook should have whitehat instructions in multiple languages? oh I don't know, that might make too much sense.
 
Displayed 50 of 78 comments
