Slashdot Mirror


Facebook Intern Gets Preemptive Ax For Exposing Security Flaw

Engadget reports that Harvard student Aran Khanna, who was about to begin an internship at Facebook, had that internship yanked after he created (and took down, but evidently too slowly for the company's taste) a browser plug-in that exposed a security flaw in Facebook, by allowing users to discover the location of other users when they use the Messenger app. Surely Khanna won't be jobless or internship-less for long. (Don't expect the app to work now; it's still in the Chrome store as a historical artifact, though, and at GitHub.)


  1. FTFY by jklovanc · Score: 0, Troll

    employee or white hat or grey hat comes to you with an exploit.

    Too bad that is not what happened. The following is a much closer description.

    A recent hire who has yet to start work publishes an implementation of an exploit so that anyone can use it

    Here are the differences.
    1. He had yet to start work
    2. He let the exploit out to the general public before informing his soon-to-be employer.
    I believe that it would have been a different story had he just reported the exploit to Google rather than publishing it.

    oh, the guy wrote an app instead of coming to you immediately? gee, how horrible

    That is the difference between a white hat and a black hat. It shows poor judgement, need for recognition and the propensity to do similar stupid things in the future.

    Let's look at a similar situation. Say your boss is walking around a conference with his fly open. Which of the following do you do?
    1. Ignore it and hope he realizes.
    2. Talk to him and discreetly mention the issue.
    3. Stand in the middle of the room and shout out the fact that your boss has his fly down.
    This guy chose option 3 which shows how little judgement and tact he truly had.

    oh, all complicated software has exploits? true. so you're really eager to plug those holes any way you can, right? you're really glad someone found one for you, right? prove it, by rewarding those who find the holes

    There is a right way and a wrong way to do things and this guy chose the wrong way.