Million Air Miles Bounty Awarded
Written by Sue Gee   
Wednesday, 15 July 2015

United Airlines has already made good on its promise to pay security researchers in air miles for vulnerabilities found in its web properties. It has just awarded the maximum payout for a Remote Code Execution.

United Airlines announced its bug bounty program in May and hasn't disclosed anything more about it since then. However Jordan Wiens was so thrilled by his payout - one of 999,999 points and another of 1 to bring the total to 1 million, that he tweeted about it:

UApayout

 

One of the first question he was asked on Twitter was what type of bug had he submitted. Realizing that the bounty program's t&cs mean he must not disclose information he referred back to the United Airline site:

 

usrewards

 

This raised a more interesting question relating to the fact that the rules profit researchers from taking any action that could compromise the airline's operation:

if you can't perform a code injection on live systems, how do you test?

To which Wiens replied:

I just sent a report saying "this is probably RCE, I just can't test" can't give more detail than that.

 

In another tweet he disclosed:

The RCE probably wasn't in critical parts of the network. I actually expected less miles since it didn't seem as important.

 

Another security researcher, who had already been paid for bugs falling into the Medium category asked Wiens when he had submitted, an important question given that only the first person to submit a bug will be rewarded. The answer was that it was timestamped:

 Fri, May 15, 2015 at 2:08 PM

which was within a matter of hours from the launch of the program! 

Jordan Wiens is now planing a vacation to Hawaii but, as we explained when the program was announced, if you don't want to become a frequent flyer there are other goods and services that the reward points can be exchanged for.  

Even so one million airmiles is a lot of miles...

unitedsq

Banner


Couchbase Adds Vector Search
07/03/2024

Couchbase is adding support for vector search across its entire product line including Capella, Enterprise Server, and Mobile. Support has also been added for retrieval-augmented generation (RAG) tech [ ... ]



Open Source Key To Expansion of IoT & Edge
13/03/2024

According to the 2023 Eclipse IoT & Edge Commercial Adoption Survey Report, last year saw a surge of IoT adoption among commercial organizations across a wide range of industries. Open source [ ... ]


More News

 

raspberry pi books

 

Comments




or email your comment to: comments@i-programmer.info

Last Updated ( Wednesday, 15 July 2015 )