Entries with tag bug bounty programs.

Google Broadens Reward Program Again

Google has expanded its Patch Reward Program, which rewards developers who proactively improve open source software. Among the additions to the program are Web servers such as Apache and httpd; the OpenVPN application for implementing virtual private networks; and the Android Open Source Project, a Google-led initiative that has produced a software stack for a wide range of mobile devices. Last month, Google started providing incentives between $500 and $3,133.70 for proactive improvements to open source software, as opposed to patches for known bugs. (SlashDot)(The Next Web)(Google)

Internet Users Raise Bounty for Palestinian Researcher

A former hacker created a crowdfunding campaign in support of a Palestinian security researcher after the man was denied a bug bounty by Facebook. Khalil Shreateh discovered a vulnerability that allows a user to post to anyone’s wall, friend or not. After his initial report was dismissed, he posted a note to Mark Zuckerberg’s wall, stating he had “no other choice.” Facebook claims Shreateh provided insufficient technical detail for it to replicate the bug, and it denied him the reward for finding the flaw. The campaign to remunerate Shreateh was launched by Marc Maiffret, a security researcher now with BeyondTrust who, as a teen hacker in the 1990s, infamously hacked Microsoft as well as other corporate and government websites. He says this incident highlights the importance of independent security researchers who do the right thing by contacting companies about security issues they find. To date, the GoFundMe campaign has raised US$11,000 in a single day. Maiffret told Businessweek, “I equally hope it has reminded other researchers that while working with technology companies can sometimes be frustrating, we can never forget the greater goal; to help the internet community at large.” (AFP at The Herald Sun)(Businessweek)

Facebook Awards Bug Bounty to UK Researcher

Facebook awarded $20,000 to UK security researcher Jack Whitton, who found a critical bug in the social network’s text-messaging service that would let attackers access and use someone’s account by sending a message. The attack uses Facebook’s feature that permits users to log in with a telephone number linked to their account. Whitton, who also participates in other bug bounty programs, discovered that an attacker can tie his own phone number to the target account, then reset the password with a text message. Whitton posted a detailed account of the flaw on his website: http://blog.fin1te.net/post/53949849983/hijacking-a-facebook-account-with-sms
(BBC)(Help Net Security)(fin1te -- Whitton website)
