bug bounty

Cut-and-paste goof reveals HackerOne session cookie, and earns bug hunter $20,000

Vulnerability-reporting platform HackerOne has paid out a US $20,000 bounty after a researcher discovered he was able to access some other users’ bug reports on HackerOne’s website.


How to get away with hacking a US satellite

The US Air Force wants to know if you can hijack control of an orbiting satellite and turn its camera from staring at Earth to point at the moon instead.

Read more in my article on the Hot for Security blog.


Google’s bug bounty bid to make big Android apps more secure

Google’s bug bounty has been expanded to cover not only the firm’s own products, but also all apps in the official Google Play store which have had 100 million or more installs.

Read more in my article on the Hot for Security blog.


Huge prizes up for grabs for anyone who can hack a Tesla

This year, for the first time ever, a popular car will be amongst the products hackers will be trying to exploit at the Pwn2Own contest.

Read more in my article on the Hot for Security blog.

Smashing Security #110: What? You can get paid to leave Facebook?

Twitter and the not-so-ethical hacking of celebrity accounts, study discovers how you can pay someone to quit Facebook for a year, and the millions of dollars you can make from uncovering software vulnerabilities.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.


Microsoft offers up to $100,000 to identity bug finders

Want to earn $100,000? You could win as much as that if you manage to uncover a serious vulnerability in Microsoft’s various identity services.

Read more in my article on the Hot for Security blog.


Found a flaw in a popular Android app? Google might give you $1000

Google has announced a new bug bounty program that aims to uncover security holes in high-profile Android apps.

Read more in my article on the Hot for Security blog.

Earn up to $200K finding bugs in Samsung smartphones

Samsung has announced a new bug bounty program that offers rewards of up to $200,000 for qualifying vulnerability reports.

David Bisson reports.


How to get away with hacking the Department of Homeland Security

But more and more organisations are actually welcoming attempts to test their security, in the hope that vulnerabilities will be reported to them responsibly before a malicious hacker exploits a weakness to inflict damage.

Read more in my article on the Tripwire State of Security blog.


Hack the US Air Force, and make cash… legally!

Humans make mistakes, and vulnerabilities can creep into projects unspotted. The more trusted eyes checking a service – with the approval of the systems’ owners – the better.

Read more in my article on the We Live Security blog.

Earn up to $200,000 as Apple *finally* launches a bug bounty

Found a vulnerability in Apple products? Finally the company has recognised that you might be grateful for some financial reward.

Pornhub asks for help hardening its security

If you find a new backdoor – let us know, says popular X-rated adult video website.


Hack the Pentagon, and you could win $150,000

The US Department of Defense is inviting hackers to find security vulnerabilities in some of its public websites, and is offering a bounty of up to $150,000 for those who find flaws.

Read more in my article on the Hot for Security blog.

Starbucks stays schtum, after patching critical website vulnerabilities

Starbucks has patched three critical security vulnerabilities on its website, but it still hasn’t responded to the security researcher who first found the bugs.

David Bisson reports.

Researcher demands FireEye pay up for zero-day vulnerabilities or suffer his ‘cold silence’

A security researcher has demanded that FireEye pay him for several zero-day vulnerabilities he found in the firm’s security products, and he has threatened that he will otherwise remain silent about the bugs’ details.

David Bisson reports.

Do bug bounties work?

Guest contributor Bob Covello discusses bug bounties. Do you think they’re doing a good job at helping vulnerabilities be found, and keeping users safe?