Persistence pays off as security researcher nets bug bounty for unearthing an access control bypass allowing attackers to reset passwords if they know the usernames.
Andrew Tang explores the contentious issue of paying bug bounties when software flaws are discovered.
A series of bug bountiers have apparently opened and closed a vulnerability in the social media giant, Facebook.
Not all hackers are evil; some of them do fight to keep the internet safe. Most of the good guys do it for the bounties offered by major brands and net companies.
Malwarebytes' CEO has apologised, and launched a bug bounty scheme, after Google Project Zero researchers exposed the latest in a long line of anti-virus product flaws.
Bug bounties may appear to be an attractive way to crowd-source security testers and only pay on results, but there may be serious pitfalls for your organisation's cyber-security, says Ilia Kolochenko.
SC Magazine UK Articles
- Gooligan ad fraud malware infects 1.3M Android users, installs over 2M unwanted apps
- Met Police grab suspect with phone unlocked to get hold of data
- Cyber-security must reflect risk not just regulation
- Data centres are on the move - where will they end up?
- The information security implications of M&A deals
- SC Awards Europe 2016 winners announcements!
- ISIS radicalises 'lone wolves' through strong social media presence
- Updated: How will Brexit affect the cyber-security industry in UK and Europe?
- 9.2 million medical records for sale on darkweb
- Microsoft Office 365 hit with massive Cerber ransomware attack, report
- Over 400,000 phishing sites have been detected each month in 2016
- TalkTalk customers urged to get routers swapped over hacker fears
- Report: Mirai 'is just the tip of the iceberg'
- Avalanche takedown involved searches in 40 countries
- India Supreme Court calls on tech giants to curb sexual assault, cyber-crime