bugbounty

Latest

  • The $1 million iOS bug bounty is bad for security research

    by Roberto Baldwin
    09.22.2015

    The public perception of the black-hat hacker is of a lone person sitting in a dark room creating malware and unleashing it on the world and reaping the profits of their exploit. The reality is a bit more complicated and far more financially lucrative. Nothing shines a light on this more than the Zerodium publicity stunt of offering $1 million for iOS 9 zero-day exploits. Founder Chaouki Bekrar has a history of selling exploits to the highest bidder instead of disclosing the issue to the maker of the compromised product. It flies in the face of responsible disclosure of exploits by security researchers and means that anyone with enough cash will have the ammunition to ruin the digital life of anyone with an iPhone.

  • Find a security flaw and United Airlines will pay you in... miles

    by Daniel Cooper
    05.15.2015

    In the world of digital security, bug hunting is the practice of finding holes in a corporation's security and selling them back so the problem can be quietly fixed. Companies such as Microsoft know that it's far cheaper to pay researchers up to $100,000 up-front than to face a massive public security breach shortly afterward. United Airlines has just started one of its own bug hunting programs, but the airline treats security experts much like it does its disgruntled passengers. Rather than just pay fees out in cold, hard, useful cash, the Joffrey Baratheon of airlines has decided to offer United air miles as a bounty.

  • Facebook will pay you serious cash to make the internet more secure

    by Mariella Moon
    10.29.2014

    Internet security bugs suck -- who actually wants to go through all their accounts to change passwords? Nobody, that's who. That's why many tech companies have bug bounty programs or security research grants, such as Facebook's Internet Defense Prize, which has now upped its reward to $300,000 for 2015. The company awarded its first winners, a couple of German researchers from Ruhr-Universität Bochum, in August with $50,000 for using statistical analysis to detect malware stored on web servers for later use. The money was awarded so they could look into finding a solution for the issue. Now, a larger amount is at stake in order to entice more people into finding ways to make the internet more secure. On top of that, the social network is also launching an open source framework/tool called osquery (check out its code on GitHub), which you can use to find bugs in operating systems, particularly Ubuntu, CentOS and Mac OS X. In fact, Facebook wants you to use osquery to do some bug-hunting right now and will even pay you $2,500 for each vulnerability you report.

  • Facebook is doling out bounties to folks who find Oculus bugs

    by Chris Velazco
    08.20.2014

    Facebook has a storied history of shelling out bounties to whoever manages to unearth bugs in its systems, and according to The Verge, it's now willing to pay out cash to folks who do the same for Oculus VR's code. Interested? You'll stand to make a minimum of $500 for your efforts, and just how high that reward goes depends on the complexity and severity of the issue you dig up. This sort of bug hunting has the potential to become an awfully lucrative hobby - after all, Facebook didn't shell out billions of dollars to invest in the future of communication only to skimp when it comes to patching potentially critical problems. Here's the thing, though: you probably won't be ferreting out bugs in the Oculus hardware just yet. Facebook product security engineer Neal Poole told The Verge that most of the issues facing Oculus aren't found in the face-mounted VR goggles; instead, they lie dormant on Oculus' website and in the messaging system developers use to keep tabs on each other. Yeah, we know, sort of a bummer - just know that Poole didn't completely close the door on more involved bug hunts down the road.

  • Facebook reveals Bug Bounty numbers, has awarded over $1 million in rewards

    by Mariella Moon
    08.03.2013

    Facebook wants you to know it's taking security seriously -- enough for Zuckerberg and Co. to pay out over $1 million in rewards within two years through its Bug Bounty program. According to a recent blog post, it has awarded a total of 329 digital bounty hunters at least $500 each for discovering and reporting security issues to the social network. The participants came from all walks of life across the globe (the youngest being a 13-year-old), and the most resourceful ones have already made more than a hundred grand each. Facebook isn't alone in exchanging big money for bug reports -- Microsoft, for one, is offering up to $100,000 to anyone who discovers security exploits in the preview version of Windows 8.1. Despite Facebook's success, however, over 6 million accounts were still exposed in June... proving that when it comes to security, tech companies can never sit on their hands.