bug bounty

bitdefender.com

Huge prizes up for grabs for anyone who can hack a Tesla

This year, for the first time ever, a popular car will be amongst the products hackers will be trying to exploit at the Pwn2Own contest.

Read more in my article on the Hot for Security blog.



Smashing Security #110: What? You can get paid to leave Facebook?

Twitter and the not-so-ethical hacking of celebrity accounts, study discovers how you can pay someone to quit Facebook for a year, and the millions of dollars you can make from uncovering software vulnerabilities.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.



bitdefender.com

Microsoft offers up to $100,000 to identity bug finders

Want to earn $100,000? You could win as much as that if you manage to uncover a serious vulnerability in Microsoft’s various identity services.

Read more in my article on the Hot for Security blog.



bitdefender.com

Found a flaw in a popular Android app? Google might give you $1000

Google has announced a new bug bounty program that aims to uncover security holes in high-profile Android apps.

Read more in my article on the Hot for Security blog.



Earn up to $200K finding bugs in Samsung smartphones

Samsung has announced a new bug bounty program that offers rewards of up to $200,000 for qualifying vulnerability reports.

David Bisson reports.



tripwire.com

How to get away with hacking the Department of Homeland Security

But more and more organisations are actually welcoming attempts to test their security, in the hope that vulnerabilities will be reported to them responsibly before a malicious hacker exploits a weakness to inflict damage.

Read more in my article on the Tripwire State of Security blog.



welivesecurity.com

Hack the US Air Force, and make cash… legally!

Humans make mistakes, and vulnerabilities can creep into projects unspotted. The more trusted eyes checking a service – with the approval of the systems’ owners – the better.

Read more in my article on the We Live Security blog.



Earn up to $200,000 as Apple *finally* launches a bug bounty

The Verge writes: Apple is planning a new bug bounty program that will offer cash in exchange for undiscovered vulnerabilities in its products, the company announced onstage at the Black Hat conference today. Launching in September, the program will offer cash rewards for working exploits that target the latest version of iOS or the most



Pornhub asks for help hardening its security

If you find a new backdoor – let us know, says popular X-rated adult video website.



bitdefender.com

Hack the Pentagon, and you could win $150,000

The US Department of Defense is inviting hackers to find security vulnerabilities in some of its public websites, and is offering a bounty of up to $150,000 for those who find flaws.

Read more in my article on the Hot for Security blog.



Starbucks stays schtum, after patching critical website vulnerabilities

Starbucks has patched three critical security vulnerabilities on its website, but it still hasn’t responded to the security researcher who first found the bugs.

David Bisson reports.



Researcher demands FireEye pay up for zero-day vulnerabilities or suffer his ‘cold silence’

A security researcher has demanded that FireEye pay him for several zero-day vulnerabilities he found in the firm’s security products, and he has threatened that he will otherwise remain silent about the bugs’ details.

David Bisson reports.



Do bug bounties work?

Guest contributor Bob Covello discusses bug bounties. Do you think they’re doing a good job at helping vulnerabilities be found, and keeping users safe?



heatsoftware.com

LinkedIn trumpets the success of its private bug bounty

It’s all very well having a bug bounty program, argues LinkedIn, but how is your organisation going to cope if it is bombarded with hundreds of meaningless and useless reports that your security team cannot act upon?

Read more in my article on the Optimal Security blog.



tripwire.com

United Airlines bug bounty – find vulnerabilities, win airmiles!

The latest high profile firm found running a bug bounty is United Airlines. And rather than offering the conventional cash rewards, United is offering airmiles instead.

But watch out, there are rules regarding what kind of vulnerabilities you can test for…

Read more on the Tripwire blog.



Serious security hole in Gmail password reset system found by security researcher

A security researcher has uncovered what Google has described as a “high impact” bug in its account recovery process, which could have potentially allowed hackers to trick users into handing over their passwords.

