It’s all very well having a bug bounty program, argues LinkedIn, but how is your organisation going to cope if it is bombarded with hundreds of meaningless reports that your security team cannot act upon?
Read more in my article on the Optimal Security blog.
The latest high-profile firm found running a bug bounty is United Airlines. Rather than offering the conventional cash rewards, United is offering air miles instead.
But watch out, there are rules regarding what kind of vulnerabilities you can test for…
Read more on the Tripwire blog.
A security researcher has uncovered what Google has described as a “high impact” bug in its account recovery process, which could have potentially allowed hackers to trick users into handing over their passwords.
Sorry, in future you won’t be given a voucher for $12.50 to spend in the Yahoo Corporate Store if you find a critical vulnerability in a service used by hundreds of millions of internet users.
Such a risible bug bounty is unlikely to win Yahoo any friends and could – if anything – make it less likely that the site will gain the assistance of white-hats in future.
Facebook may have refused to pay researcher Khalil Shreateh a bug bounty after he posted a message on Mark Zuckerberg’s Facebook page, but that doesn’t mean he’s going to go away empty-handed.
A critical vulnerability was recently found in Facebook that could allow an attacker to hijack and take control of accounts on the social network.
Watch the video and learn how it worked.
A security researcher has detailed how he found a way to find out *any* Facebook user’s primary email address, regardless of their privacy settings, by exploiting a weakness on the social network.