A techie named Laxman Muthiyah from Tamil Nadu in India earned a fairly large sum of $12500 from the social networking giant Facebook. The money is a complement for his exceptional discover of a vulnerability which would allow the hackers to delete photos from other user accounts. Mark Zuckerberg, the man behind the discovery of Facebook acknowledged the young techie for his finding. The bug got fixed within hours of being notified about it by the techie.
What makes it worth $12500?
The most attractive thing about the Facebook is that the users are allowed to share their views by uploading photograph. The users feel extreme security and control over these photographs uploaded by them. It is calculated that over 2 billion photgraphs are shared over the Facebook daily. Imagine if these photographs are deleted in a single blow. Facebook team knows the consequences. This bug might end the unchallenged reign of Facebook in the social media network. That’s why they reacted so swiftly and made necessary changes in their programming codes. This is the reason why the young techie got such a handful reward.
Working of the Bug
Muthiyah explains the working of the bug in his blogspot labeled ‘How I hacked your Facebook Photos’. He gave a detailed explanation how this bug which can delete user photos, basically works. He explains that the bug was the result of not properly checking the permissions of Graph API of Facebook. Suppose a user directs any request towards Graph API commanding to delete other user’s photograph and use his own Facebook for Android token inorder for the approval, Facebook receive it and the album gets deleted.
Sophos, an IT security firm once said that the Facebook Photo album IDs are numeric which makes them easy to guess it. It means that the hacker could predict the Id and can make the script to generate Album IDs which would entrust them the complete authority of the Photograph albums. It would finally give hacker the absolute power to the content, in most cases personal contents of the user.
Facebook clarified the public by giving the explanation to the matter. They declared that even though the bug existed, no one ever confronted with any such problem till now. Most interesting fact is that the bug remained unidentified for such a long period of time despite the fact that the program being checked by such an experienced team of tech programmers.
They could not even clarify the matter that what if someone does misappropriation due to the bug. The Facebook team remains silent to the question ‘what if the guy who founded the bug had taken undue advantage of this without reporting the problem?’
What the users should be careful is that they should restrict themselves from being opened up in the public by posting something personal. It should be warning to millions of users including me that by exposing ourselves we are inviting strangers to our personal matters. Thanks to the young talented techie who identified the bug.