
10 year old finds Instagram bug and cashes in big

Jani, the 10 year old that found a bug in Instagram, probably didn’t know you technically have to be 13 years old in order to even have an Instagram account. You may have to be 13 to have an account, but there are no rules against age in the bug and hacking community. Jani found the glitch when he was able to delete any user’s comments off of Instagram. Jani says he was able to delete any text content he wished to, and although he didn’t proceed to delete any user text, he said if he wanted to he could have. The 10 year old, in true 10 year old fashion, related the severity of the bug to that of Justin Bieber, saying he could delete comments from anyone’s page, even Justin Bieber’s. Don’t worry Bieber fanatics, he resisted, and decided instead to demonstrate the bug to Facebook, wiping a comment from one of their test accounts and cashing in on $10,000.

The bug was detected by Jani in February, patched that same month, with his check in hand a month later. He has decided to buy himself a new soccer ball and bike. He also purchased two new computers for his brothers. Jani wishes to work as a security researcher when he is older, and we think he’s well on his way.


 

If you would like to educate yourself in more detail about the information presented in this blog post please visit: 10-year-old claims $10,000 bug bounty from Facebook

 

The Newest Security Trend – Rewarding Hackers


There is always that one superhero willing to play nice with the villain. In the world of tech hackers, HackerOne is that superhero. HackerOne acknowledges that modern security is hacker-powered. They have created a platform for vulnerability coordination and bug bounty. In other words, HackerOne works with hackers to find security holes in your company, because to be honest, who better to trust than the villain himself!

HackerOne facilitates communication between hackers and companies. If a hacker does find a bug, HackerOne works as the middleman, ensuring the company pays the hacker for the discovery and charging a 20 percent commission on the hacker’s payout. Companies such as Uber, Dropbox, Square, Snapchat, Airbnb, and Vimeo have all joined the HackerOne movement.

Bugcrowd works similarly to HackerOne, bringing together good hackers with companies looking to verify their security systems. In comparison to HackerOne, which rewards hackers with a payout decided by the company in question, Bugcrowd works on a subscription basis. Charging a service fee or a project-based charge, Bugcrowd provides market rate suggestions for rewards and manages all payouts for their companies. Their companies consist of AT&T, Dropbox, Facebook, Etsy, PayPal, and Twitter, just to name a few. As you might notice, some of the companies listed are clients of both HackerOne and Bugcrowd.

Google, of course, has a public bug bounty program of its own that offers up to $100,000 for hackers who find vulnerabilities in its Chrome software. Although the reward amount depends on the size of the bug, the rewards are substantial enough to keep hacker interest, ranging from a few hundred dollars to several thousand.

Opening a bug bounty program to the public puts forth the message that the company values the security of its systems and lessens the likelihood of malicious activity. Despite strong efforts to keep systems secure, no bulletproof organization exists. In the fight against hackers, a little incentive goes a long way toward a more secure system.

 

If you would like to educate yourself in more detail about the information presented in this blog post please visit: Meet the Middlemen Who Connect Hackers for Hire With Corporate America