bug bounty


LinkedIn trumpets the success of its private bug bounty

It’s all very well having a bug bounty program, argues LinkedIn, but how is your organisation going to cope if it is bombarded with hundreds of meaningless and useless reports that your security team cannot act upon?

Read more in my article on the Optimal Security blog.



United Airlines bug bounty – find vulnerabilities, win airmiles!

The latest high profile firm found running a bug bounty is United Airlines. And rather than offering the conventional cash rewards, United is offering airmiles instead.

But watch out, there are rules regarding what kind of vulnerabilities you can test for…

Read more on the Tripwire blog.


Serious security hole in Gmail password reset system found by security researcher

A security researcher has uncovered what Google has described as a “high impact” bug in its account recovery process, which could have potentially allowed hackers to trick users into handing over their passwords.


Yahoo admits its bug bounty goof, and stops offering free t-shirts

Sorry, in future you won’t be given a voucher for $12.50 to spend in the Yahoo Corporate Store if you find a critical vulnerability in a service used by hundreds of millions of internet users.


Serious Yahoo bug discovered. Researchers rewarded with $12.50 voucher to buy corporate T-shirt

Such a risible bug bounty is unlikely to win Yahoo any friends and could – if anything – make it less likely that the site will gain the assistance of white-hats in future.


Hackers raise over $12,000 for man who broke into Mark Zuckerberg’s Facebook page

Facebook may have refused to pay researcher Khalil Shreateh a bug bounty after he posted a message on Mark Zuckerberg’s Facebook page, but that doesn’t mean he’s going to go away empty-handed.


Critical Facebook vulnerability could have made it easy to hack accounts [VIDEO]

A critical vulnerability was recently found in Facebook that could allow an attacker to hijack and take control of accounts on the social network.

Watch the video and learn how it worked.


How to find the primary email address of any Facebook user. Privacy bug squashed

A security researcher has detailed how he discovered a way to find out *any* Facebook user’s primary email address, regardless of their privacy settings, by exploiting a weakness on the social network.
