Taiwan hacker was going to crack Mark Zuckerberg's Facebook page online, but later abandoned his threats

Original author: Debby Wu
  • Transfer
Foreword: An interesting situation was created by Chang Chi-yuan’s Chang Chi-yuan from Taiwan. In fact, he was able to attract the attention of Facebook management in a sufficiently short time.

Taiwan hacker Chang Chi-yuan first reported that he was going to crack Mark Zuckerberg 's Facebook page, and he planned to do this by broadcasting on Facebook itself.

According to the resource Bloomberg, the live broadcast was to start on September 30, at 18:00 local time (13:00 Moscow time).

Link to the broadcast was posted here .

After the publication of this link and the appearance in the technical sections of news publications in Facebook itself, this challenge of the Taiwanese hacker was not commented on.

However, a few hours after this statement, Chiang Chi-yuan withdrew his threats of hacking (September 28, 2018, 7:44 AM GMT + 5 Updated on September 28, 2018, 7:41 PM GMT + 5).

“I’m canceling the broadcast because I reported a bug on Facebook and demonstrate evidence of its presence to the public when I receive an award for identifying it from Facebook,” Chang wrote.

In a post on his page on Friday evening, Chan wrote that he cancels a previously announced online attack on the Facebook CEO page to avoid unnecessary trouble.

"... I should not try to prove myself by playing with Tsuk's account," he wrote.

Chan also posted a video about the vulnerability.

Chan's comments about the video
Found a loophole that can delete the arbitrary user sticker
But it's not like before. Can delete other type of stickers

The scope of this time is limited.
The impact is only the event record when updating profile
Although the event record is public
But not directly in FB

This loophole can record the event of a account
Open with b account number
B account number can also click the delete button directly on the interface
Delete the event record of a

Deleted content only public event record

Can't delete if change id to other post

發現 了 個 貼 可以 任意 使用者 貼 文 的 漏洞 了 不過 這次 不像 之前 一 樣 樣 刪除 其他 類型 的 的 貼 的 文 的 個 資料 資料 的 的 的 個 個 資料 的 的 公開 的 個 個 資料 的 的 的 個 資料 資料 的 的B 直接 出現 在 FB 中 這次 的 漏洞 能將 A 帳號 的 帳號 紀錄 用 B 帳號 打開 用 B 帳號 也 能 直接 在 上 點擊 刪除 按鈕 的 點擊 只限 的 的 的 的 如果 把ID 改成 其他 貼 文 內容 就 無法 刪除

Posted on 元 Monday, September 17, 2018

Chan's comments on video discussion
Abroad Bug Shows Association someone share my video in the discussion
They think the tactics are very creative.
Another post has a lot of people who leave a message to discuss the method.

But my message in Taiwan will always see a group of own research areas that are different from me.
Forced to go sour. I will only web. No hardware or something.
Then say I don't even have him.
It will also run into my version to post a bunch of hardware reverse crack.
By the way, ask friends to leave a message. I can't see it again.

Anyway, there will always be a pile in the discussion area in Taiwan.
You don't matter how to prove your ability.
No matter how much bonus
Find how many loopholes
Discover how many tricks
It's gonna be laughing. I'm bluffing.
People who don't understand anything.

Foreign society someone asked about the bonus thing
The comments below are helping to answer.

PS: In 12 hours everything was decided after the first publication about the beginning of the broadcast, and then the hacker refused to act.

Those. we dealt with the problem and realized that Chan had found something really, or simply decided to “drown out” it with a carrot, not bringing it to the broadcast.

Although very controversial situation. After all, the bug-bounty program works on Facebook and the hacker could immediately report there about the problem found, and not to anticipate and attract attention with such actions with broadcast ...

Also popular now: