Million Air Miles Bounty Awarded |
Written by Sue Gee | |||
Wednesday, 15 July 2015 | |||
United Airlines has already made good on its promise to pay security researchers in air miles for vulnerabilities found in its web properties. It has just awarded the maximum payout for a Remote Code Execution. United Airlines announced its bug bounty program in May and hasn't disclosed anything more about it since then. However Jordan Wiens was so thrilled by his payout - one of 999,999 points and another of 1 to bring the total to 1 million, that he tweeted about it:
One of the first question he was asked on Twitter was what type of bug had he submitted. Realizing that the bounty program's t&cs mean he must not disclose information he referred back to the United Airline site:
This raised a more interesting question relating to the fact that the rules profit researchers from taking any action that could compromise the airline's operation: if you can't perform a code injection on live systems, how do you test? To which Wiens replied: I just sent a report saying "this is probably RCE, I just can't test" can't give more detail than that.
In another tweet he disclosed: The RCE probably wasn't in critical parts of the network. I actually expected less miles since it didn't seem as important.
Another security researcher, who had already been paid for bugs falling into the Medium category asked Wiens when he had submitted, an important question given that only the first person to submit a bug will be rewarded. The answer was that it was timestamped: Fri, May 15, 2015 at 2:08 PM which was within a matter of hours from the launch of the program! Jordan Wiens is now planing a vacation to Hawaii but, as we explained when the program was announced, if you don't want to become a frequent flyer there are other goods and services that the reward points can be exchanged for. Even so one million airmiles is a lot of miles... More Information
|
Rust Celebrates 10 Years Since Version 1.0 17/05/2025 Rust reached the milestone of Version 1.0 becoming generally available on May 15, 2015. Version 1.87 has just been released on the 10th anniversary with a celebratory event in Utrecht during Rust week [ ... ] |
Closer To A Proof That P!= PSPACE 28/05/2025 You may well know that important conjecture that P! = NP, but of equal theoretical importance is P! = PSPACE, but it hardly gets any of the publicity of its near relation. We seemed to have moved a li [ ... ] |
More News
|
Comments
or email your comment to: comments@i-programmer.info