Million Air Miles Bounty Awarded |
Written by Sue Gee | |||
Wednesday, 15 July 2015 | |||
United Airlines has already made good on its promise to pay security researchers in air miles for vulnerabilities found in its web properties. It has just awarded the maximum payout for a Remote Code Execution. United Airlines announced its bug bounty program in May and hasn't disclosed anything more about it since then. However Jordan Wiens was so thrilled by his payout - one of 999,999 points and another of 1 to bring the total to 1 million, that he tweeted about it:
One of the first question he was asked on Twitter was what type of bug had he submitted. Realizing that the bounty program's t&cs mean he must not disclose information he referred back to the United Airline site:
This raised a more interesting question relating to the fact that the rules profit researchers from taking any action that could compromise the airline's operation: if you can't perform a code injection on live systems, how do you test? To which Wiens replied: I just sent a report saying "this is probably RCE, I just can't test" can't give more detail than that.
In another tweet he disclosed: The RCE probably wasn't in critical parts of the network. I actually expected less miles since it didn't seem as important.
Another security researcher, who had already been paid for bugs falling into the Medium category asked Wiens when he had submitted, an important question given that only the first person to submit a bug will be rewarded. The answer was that it was timestamped: Fri, May 15, 2015 at 2:08 PM which was within a matter of hours from the launch of the program! Jordan Wiens is now planing a vacation to Hawaii but, as we explained when the program was announced, if you don't want to become a frequent flyer there are other goods and services that the reward points can be exchanged for. Even so one million airmiles is a lot of miles... More Information
|
Couchbase Adds Vector Search 07/03/2024 Couchbase is adding support for vector search across its entire product line including Capella, Enterprise Server, and Mobile. Support has also been added for retrieval-augmented generation (RAG) tech [ ... ] |
Open Source Key To Expansion of IoT & Edge 13/03/2024 According to the 2023 Eclipse IoT & Edge Commercial Adoption Survey Report, last year saw a surge of IoT adoption among commercial organizations across a wide range of industries. Open source [ ... ] |
More News
|
Comments
or email your comment to: comments@i-programmer.info