Young Syrian man discovers a new loophole

December 12, 2022 at 7:25 pm

Baraa Habab

The 25-year-old Syrian man, Baraa Habab, was able to discover a critical loophole in the official website of the insurance company of most Egyptian banks, such as Banque Misr, Al-Ahly Bank, Cairo Bank, Abu Dhabi Islamic Bank and others.

The loophole involves reflected cross-site scripting (XSS). It allows the hacker to introduce malicious code to the site until it accesses the database and asks the database to display the information stored in it in the form of an “error message”.

This loophole is used to steal cookies or the unique session ID of a user’s browser.

This is the third loophole discovered by the genius Damascene programmer, Baraa Habab. He previously discovered security loopholes on Facebook in 2017, and he wrote to the company to inform them. They ignored him, so he challenged them to prove the validity of his discovery in their own home. He hacked the account of one of the Facebook founders and wrote a phrase in both Arabic and English, “There is no such thing as 100 per cent protection, there is always a missing loophole.” Facebook was forced to listen to him, and he had important documents through which he was able to convince them that they had a security loophole in their website. They thanked him and employed him as a “security guard”, as well as adding his name to the list of honour.

After his employment, he discovered the second vulnerability in 2018, which allows him to violate the privacy of millions of users without their knowledge. He managed to remove a new technical loophole that enables the hacker to see any photos, videos or stories that the user downloaded from Facebook on his device without posting.

Such a weakness is very sensitive for a large company like Facebook, which has to protect the privacy of its users and its reputation. That reputation would have been subjected to a great upset had the weakness not been discovered by this young genius, Baraa Habab.

Baraa provides great assistance to companies to ensure protection and information security, and he also assists many people affected by fraud on their official pages on Facebook, restoring the page to its owner.

He also works to provide information security content to educate people more about electronic blackmail and create a safe space for all our accounts and affairs on the Internet, in general, and social networking sites, in particular.

The views expressed in this article belong to the author and do not necessarily reflect the editorial policy of Middle East Monitor.