Security Community Raises $12k For Researcher Snubbed By Facebook
Trailrunner7 writes "Like most major Web and software companies, Facebook receives a lot of bug reports. And since the company started its bug bounty program, security researchers have become even more interested in looking for vulnerabilities in the Facebook ecosystem. But, as one researcher learned recently, not all bugs are created equal, and Facebook doesn't like people messing with its users – or its executives. That researcher, Khalil Shreateh, discovered a bug in the Facebook platform that enabled him – or any other user – to post comments on the walls of other users who aren't their friends. That shouldn't be possible under normal circumstances, so Shreateh reported the problem to Facebook through its bug bounty program, hoping to earn a reward from the company. Instead, the company told him he didn't provide enough information. So Shreateh went a step further and demonstrated the technique by posting a message to the wall of Facebook founder Mark Zuckerberg. On Aug. 19, after details of the incident became public, Marc Maiffret, a well-known security researcher and CTO of BeyondTrust, started a crowdfunding campaign to get Shreateh a reward for his work. As of Aug. 23, that campaign has raised more than $12,000 and Maiffret is in the process of transferring the funds to the researcher."
I am now not sure what the word "researcher" means? The link for the campaign page mentioned "independent researchers." However, the summary used the word "one researcher." If I correctly recall from his own blog (Khalil), he said he is "unemployed," which is far from a "researcher." Besides, he happened to stumble on the security issue. This does NOT mean "research"! This web page is simply to get "attention" from people in the community and should NOT be posted on /. at all. The campaign owner guy, Marc Maiffret, is tainting real independent researchers' name...