bounty
Latest
Houseparty says it wasn't hacked, offers $1 million for 'smear campaign' proof
Popular video-calling app Houseparty is offering a $1 million bounty to anyone that can prove the app has been a victim of reputational sabotage. The announcement, made by the company over Twitter, comes amid swiftly circulating rumors that the app has been hacked -- Houseparty believes these rumors have been circulated as part of a "paid commercial smear campaign," and says there is no evidence to back up claims that the app has been compromised in any way.
Google spent a record sum rewarding researchers for hacking its products
Google is not messing around when it comes to its bug bounty program. Last year it paid out $6.5 million to researchers that reported vulnerabilities -- almost double the $3.4 million paid out in 2018. The largest single award was for $201,337, which was given to Guang Gong of Alpha Labs, who discovered a major exploit on the Pixel 3.
Libra Association opens Bug Bounty program to everyone
Facebook's Calibra digital wallet isn't expected to launch until 2020. But, as you might expect, the organization created to protect the Libra cryptocurrency that will be used with Calibra (and other Libra financial services) is already working to ensure it keeps people's data safe. We're talking about the Libra Association, the independent group in charge of governing Libra, which has announced it is now welcoming all researchers who want to help test the security of its blockchain technology -- in exchange for financial rewards, naturally. The Libra Bug Bounty program was announced at the time when the Libra Association became official in June, but now the nonprofit will be opening it to the public.
Facebook expands its Data Abuse Bounty program to Instagram
Facebook will start rewarding security researchers who report data abuse happening on Instagram, the company has announced. This is an expansion of Facebook's Data Abuse Bounty program, which it introduced in April 2018. As part of these efforts, Facebook will now start accepting reports about third-party apps that improperly access and store user data, including applications and services that offer fake likes, comments and followers. Essentially, any app that asks for people's login information (like usernames and passwords) is violating Instagram's terms of use -- and Facebook wants the security community to notify it of anyone who may be taking advantage of this.
Apple extends bug bounty and provides special iPhones for researchers
Apple wants everyone to know that it's taking security seriously, and it's willing to pay for it. The company announced today that it is launching a new bug bounty program that will pay people up to $1 million for discovering and disclosing security flaws in macOS, tvOS, watchOS and iCloud. The company also revealed that it will provide security researchers with special iPhones to help them discover bugs before hackers do, according to Bloomberg. The iPhone program had been rumored earlier this week.
'Red Dead Online' will turn the tables on griefers
Red Dead Online fans have been fairly vocal about their issues with the game since its launch in November. The in-game economy, lack of missions and griefing are just some of the more commonly cited problems, but Rockstar Games is taking steps to address this. On February 26th Red Dead Online will be getting a big update which, Rockstar hopes, will improve things.
Google triples max bounty for Chrome bugs to make the browser safer for users
Google has long been rewarding anyone who can dig up Chrome browser bugs with a nice amount of cash, but the longer the reward program runs, the harder it is to find vulnerabilities. Thus, Mountain View's upping the max reward a dedicated bounty hunter can get to $15,000 for each high-quality report -- not as big as the $110,000 reward it offered for Chrome OS security bugs in January, but still 10 grand more than the previous $5,000 max. Also, recipients can now prove to their doubtful friends that they've indeed made Chrome a safer browser for them, as they'll now be listed in the program's new Hall of Fame page.
Facebook is doling out bounties to folks who find Oculus bugs
Facebook has a storied history of shelling out bounties to whomever manages to unearth bugs in its systems, and according to The Verge now it's willing to pay out cash to folks to find who do the same for Oculus VR's code. Interested? You'll stand to make a minimum of $500 for your efforts, and just how high that reward goes depends on the complexity and severity of the issue you dig up. This sort of bug hunting has the potential to become an awfully lucrative hobby - after all, Facebook didn't shell out billions of dollars to invest in the future of communication only to skimp when it comes to patching potentially critical problems. Here's the thing, though: you probably won't be ferreting out bugs in the Oculus hardware just yet. Facebook product security engineer Neal Poole told The Verge that most of the issues facing Oculus aren't found in the face-mounted VR goggles; instead, they lay dormant on Oculus' website and in the messaging system developers use to keep tabs on each other. Yeah, we know, sort of bummer - just know that Poole didn't completely close the door on more involved bug hunts down the road.
Kim Dotcom offers whistleblowers $5 million to help Megaupload's case
The basic facts of how Megaupload was shut down in 2012 are public knowledge. But the founder of the file-sharing service, Kim Dotcom, believes there's a subtext to what really happened -- and he's looking for your help to prove it. In essence, he claims to be the victim of a "corrupt" plot between two back-scratching parties: the US authorities, which supposedly wanted to secure the re-election of President Barack Obama, and the movie moguls of Hollywood, who allegedly offered influence over votes in return for having Megaupload terminated for copyright abuse. The only problem? Dotcom will actually have to prove all of this to a New Zealand court, otherwise he'll face extradition to the US, not to mention a string of further civil lawsuits. And so far, it isn't going well.
The Art of Wushu: Finishing the job
Last episode, we talked about getting a bounty and the mindset of a career criminal. Unfortunately, this is the last Art of Wushu, but that doesn't mean we can't finish what we started. And that means talking about the art of killing good guys. Having a bounty means living on the edge. A lot of the time we take for granted the fact that we can walk around in Chengdu without too much fear. This is not true if you have a bounty. Every moment you spent logged in is spent on edge because a constable could jump you at any moment. You are constantly doing 360 degree camera spins looking around for trouble. You position yourself where you can easily run away, and you have escape plans in your head if things go bad. You worked really hard for your bounty, and you don't want to lose it because you lost focus for a moment. This kind of thrill is the most satisfying thing for me about Age of Wushu. When I get to log in, have that bright red star swirling around me and know that I need to be on the move immediately is the best feeling in the world for me.
Wurm Online still offline, offers bounty for DDOS attacker
Wurm Online's 1.2 patch was supposed to herald a day of rejoicing for the community, but that quickly turned sour as a severe DDOS attack on its hosting forced the devs to take the game offline for over a day now. "Shortly after todays update we were the target of a DDOS attack and our hosting provider had to pull us off the grid for now," Code Club posted. "As annoying as this may be, we are taking steps to turn this to everyones advantage. I announced earlier that we were already looking at migrating the hosting of Wurm. When the attack forced us offline, we went straight ahead and pushed for this to happen as soon as possible." The team is working on switching hosting and said that service should be restored within a day. Code Club is offering a bounty of 10,000 Euro "for any tips or evidence leading to a conviction of the person responsible for this attack."
The Art of Wushu: Getting yourself a bounty
We all know what side of the law I fight on in Age of Wushu: the bad guy side. However, there's a marked difference between being a professional criminal and an indiscriminate mass murderer. Being a criminal means that you need to be more discreet in which targets you kill. If I don't have a bounty, a kill that doesn't get me a bounty is pointless. Infamy is a resource, and if I ramp it up too much, I could be looking at jail time without even getting a bounty. Nothing is more frustrating than having to idle for hours in some out of the way place because my infamy shot up over 2000, but it's pretty easy to get there. Being selective in whom I kill helps prevent those kinds of mistakes.
EVE Evolved: Has colonisation been forgotten?
At last year's EVE Online Fanfest, CCP revealed its ambitious plan to take the game where no sandbox MMO has ever gone before: full deep space colonisation. The plan will be delivered over the next five years and will end with the incredibly exciting vision of players building their own stargates and colonising brand-new solar systems that lie off the grid. Rubicon was intended as the first step toward this glorious plan, and its new focus on deployable sandbox structures certainly seemed to be introducing a more player-directed form of colonisation. I've been cautiously optimistic about the whole endeavour so far, but five years is hell of a long time to wait for that vision to come to fruition. Rubicon's Mobile Depot structure was a great first step toward player-run empires on all scales, but none of the recently announced Rubicon 1.1 deployables has continued along the same theme of colonisation and exploration. The Mobile Micro Jump Drive and Mobile Scan Inhibitor structures I looked at last week provide extra tactical options in PvP, and the three new structures revealed this week are all designed to steal money and resources from nullsec corporations. In this week's EVE Evolved, I ask whether the newly revealed Encounter Surveillance System and alternate Siphon Units are a step in the wrong direction. With games like Star Citizen and Elite: Dangerous on the way, CCP may not have five years to deliver the promise of colonisation.
The Art of Wushu: Doing the time for doing crime
Bounties are the primary way that PK victims in Age of Wushu get to fight back against their assailants. If you murder someone, your victim can force you to spend time in jail and pay a constable for the service of putting you behind bars. Much as in EVE Online's original bounty system, there are a few kinks. Overall, it works reasonably well, but there is a disconnect between the intent of the system and how it actually works. As a career criminal, I feel that having a bounty and dealing with it is what separates professional killers from mass murderers.
EVE Evolved: Ghost Sites and PvE goals
PvE in most MMOs revolves around killing hordes of NPCs for currency, XP, tokens, or loot, and EVE Online is no exception. Players can hunt for rare pirate ships in nullsec asteroid belts, farm Sansha incursions for ISK and loyalty points, or team up against Sleeper ships in dangerous wormhole space, but most prefer the safe and steady income of mission-running. Missions are essentially repeatable quests that can be spawned on request, providing an endless stream of bad guys to blow up in the comfort of high-security space. Completing a mission will earn you some ISK and a few hundred or thousand loyalty points, but most of the ISK in mission-running comes from the bounties on the NPCs spawned in the mission sites. Similar deadspace sites with better loot are also distributed randomly throughout the galaxy and can be tracked down using scanner probes. But what would happen if the NPCs in these sites were a dangerous and unexpected interference that could get you killed, rather than space piñatas ready to explode in a shower of ISK? This is a question CCP plans to test with the Rubicon expansion's upcoming Ghost Sites feature, which promises to introduce a whole new form of high-risk, high-reward PvE. In this week's EVE Evolved, I look at EVE's upcoming ghost sites and explain why I think its goal-oriented approach to PvE should be adopted in other areas of the game.
Microsoft and Facebook team up to offer bug bounties for a safer internet
In an effort to battle hackers and keep the internet safe and secure, Microsoft has teamed up with Facebook to sponsor an Internet Bug Bounty program that'll offer a cash prize to anyone able to uncover important web vulnerabilities. Rewards range from $300 to $5,000 depending on the severity of the flaws, and might go even higher if the discovery is deemed important enough. Only those in the US will be eligible to receive the prize and the money will have to go through a legal guardian if you're under 12 years old. The security findings must be widespread, severe, novel and not specific to any one site. They'll be judged by a panel of experts from Microsoft, Facebook, Google, security consulting firm iSEC partners and Etsy. It's yet another sign that when it comes to creating a better internet for everyone, tech giants can indeed put their differences aside.
Yahoo announces security exploit bounty with payments up to $15,000
Earlier this week, Yahoo was accused of using change in its sofa cushions as compensation for reports of security exploits, but now the whole ordeal has generated enough buzz to bring about change for the internet pioneer. As it turns out, these small prizes (along with rewards such as t-shirts) were paid for out of pocket by Ramses Martinez, the director of Yahoo's security team, who took a moment today to explain the company's new -- and far more lucrative -- bounty program. Moving forward, Yahoo will reward security researchers with payments that range between $150 and $15,000 for issues that it deems "new, unique and / or high-risk." The company is still in the early stages of hammering out a new policy, but promises that payments will be determined "by a clear system based on a set of defined elements that capture the severity of the issue." Yes, these amounts still pale in comparison to the massive sums that Microsoft recently offered, but researchers now have reasonable incentive to inform Yahoo of the exploits, rather than sell them on the black market. According to Martinez, Yahoo's revised policy will be available by the end of the month, and as a nice gesture, its new reward structure will retroactively apply to all bugs submitted from July 1st onward.
Hey, bounty hunters: Microsoft is paying $100k for Windows 8.1 Preview exploits
Chalk up one more reason to check out Windows 8.1 Preview when it becomes available on June 26th. Today, Microsoft announced that it'll pay up to $100,000 in cash to those who discover and report novel security exploits within its latest OS revision, along with up to $50,000 in bonus loot for defensive suggestions that relate to the attack. But wait... there's more. Starting on June 26th and running through July 26th, the Redmond outfit will also pay up to $11,000 toward the discovery of critical vulnerabilities within Internet Explorer 11 Preview (Windows 8.1 Preview). Whether you're motivated by your bank account or the good of humanity, you can start taking your best shots at Microsoft's latest code just one week from now.
Flameseeker Chronicles: Guild Wars 2's March update
It's patch day! Today marks the arrival of the long-awaited World vs. World patch for Guild Wars 2. There are, of course, many other things being bundled into this month's big update, but WvW might be stealing the show a bit. Of course, WvW updates probably mean hideously long waiting times as folks hop in to check out the new shinies, so how about you go ahead and queue up for whichever Battleground you prefer, and we'll talk about the details of this patch while you wait.
CCP lays out the details on EVE's revamped bounties, kill rights, and more
It's time to learn about what CCP has been up to in EVE Online! The newest dev blog is just brimming with juicy tidbits on the team's work for Retribution, especially concerning the bounty, kill rights, and war systems. Bounty Hunters now have their own listing in the Bounty Office. Any bounties a player has posted can be tracked via the "My Bounties" tab. The minimum price for bounties has been lowered, and you'll be informed of precisely who has placed a bounty on you (which is marginally better than the looming knowledge that some faceless someone, somewhere, wants you dead). The kill right system has been retooled, clarified, and made more accessible through players' character sheets. Aggressors now have an option to retract wars that have been made mutual, thereby ending the war in 24 hours. Cost multipliers for multiple wars have been eliminated, and cost scaling has been retuned. Read all the details over at the official blog.
