Zuckerberg's Facebook Page Hacked: Who Is Next?


Aug. 19 (Bloomberg) -- Security Compass VP Rohit Sethi discusses Facebook Founder and CEO Mark Zuckerberg’s timeline being hacked as well as the Facebook bug bounty program. He speaks with Emily Chang on Bloomberg Television’s "Bloomberg West." (Source: Bloomberg)

Aggressive in the way you require companies and you have to be smart about which companies you want to partner with.

I think it is a combination of the two.

How does Zumper stand out?

We are one of the newer players.

We have a lot to do. One thing that has surprised us is the reaction to mobile.

It was the theory we have to do it because a lot of search happens on mobile.

The minute we released our iPhone app, we got a lot of attention.

It is a clear signal if you want to win big in rentals, you have to have a great mobile experience.

Renters are walking around with iPhones and Android phones.

They want to search on the spot.

There is a lot you can do with that technology.

Zumper COO and co-founder, thank you for joining us.

A mysterious post popped up on Mark Zuckerberg's timeline.

We will explain what it could mean for your security on the social network.

You can watch us streaming.

Welcome back.

I am Emily Chang.

It turns out not even Mark Zuckerberg is safe from hackers.

A Facebook user who identified himself as an unemployed programmer from Palestine posted on his timeline last Thursday.

He is not friends with him on Facebook.

He claims he was trying to reveal a security bug that allows people to post on anyone's timeline.

He says he contacted them twice about the error but was ignored.

Someone from the security team responded saying they should have pushed for more information.

Hundreds of reports a day.

How did the hacker do it?

I want to bring in the vice president of product development at a security firm specializing in software development and cyber security training.

Explain what happened in layman's terms.

Somebody who was searching on Facebook looking at some of the features noticed there is a bug bounty program.

That means if they can explain and show a security problem, they will get paid for it.

He essentially found a way using basic changes to the way the browser talks to the server, he did that and was able to post to somebody else's profile, to the wall, when he should not have been able to.

He was not a friend of that person.

Clearly this was too easy to do.

How big a deal is this?

How serious is a security flaw like this?

On the surface, it does not seem that big posting on someone's wall.

You have to think about Facebook users.

You have a lot of younger users that might be the target of predators.

A less serious case would be unintended spamming on a bunch of user profiles.

If it was not a hacker telling Facebook about the issue, it might have been exploited.

Facebook did say they fixed the bug last week but should have been better about responding.

All this is part of their bug bounty program where they reward people for exposing flaws.

What do you think about programs like this?

It is something other companies do as well.

That is right.

I think it is a great idea and concept.

These companies are trying to expand their security teams.

It is very difficult to have the kind of security research inside the company that can expose all of these kinds of bugs.

People were hacking into these sites anyway and not revealing it to the companies.

Often they would sell the exploits on the black market.

You can make thousands of dollars in some cases selling it to people who will sell it to criminals essentially.

They are trying to find another way to incentivize people to find the vulnerabilities and report it to the company so they can fix it.

It is a more responsible way of finding issues.

As far as you know, have done everything they should have done already?

-- has done everything they should have done already?

Could this pop up on other sites as well?

This is a specific type we have seen for a long time.

This text has been automatically generated. It may not be 100% accurate.
