Google’s Project Zero bug-hunting team has tweaked its 90-day responsible disclosure policy to help improve the quality and adoption of vendor patches.
Tag Archives: bug bounty
HackerOne pays $20,000 bounty after breach of own systems
In an embarrassing twist, bug bounty platform HackerOne has paid a $20,000 reward to a researcher who reported a security flaw inadvertently caused by one of its staff during… a bug submission.
Uncle Sam opens arms to friendly hackers
All you bug hunters out there are about to get a nice Christmas gift – the US federal government finally wants to hear from you.
iPhone attack may have targeted Android and Windows too
A sophisticated and sustained watering hole attack affecting iPhones may have targeted Windows and Android too.
Facebook flaw could have allowed an attacker to hijack accounts
The CSRF bypass flaw has now been fixed, and the researcher who discovered it has netted $25,000.
KeySteal could allow someone to steal your Apple Keychain passwords
The researcher says it works without root or administrator privileges and without password prompts. But he’s not revealing how it works to Apple because there’s no money for him in its invite-only/iOS-only bounties.
How one man could have taken over any business on Facebook
The recently patched flaw would have enabled anyone to make themselves an administrator for any Facebook business account.
How a cryptocurrency-destroying bug almost didn’t get reported
A researcher recently revealed how he found a bug that could have brought the fourth largest cryptocurrency to its knees – and how he was almost unable to report it.
‘Unhackable’ Bitfi hardware rooted within a week
Getting root access and patching firmware doesn’t count as successful hacking, apparently.
Researchers claim Chrome bug bounty paid to the wrong people
Yubico has been drawn into a rare public spat over how the discovery of a security flaw affecting its products was credited.
