Search results for: bug bounties

Week in review: TrueCrypt’s public security audit, new MS 0-day exploited, new bug bounty programs

Here’s an overview of some of last week’s most interesting news, videos, reviews and articles:

ENISA issues recommendations for securing data using cryptography
ENISA, the European Union’s “cyber security” Agency, launched a report recommending that all authorities should better promote cryptographic measures to safeguard personal data. The report addresses ways to protect sensitive and/or personal data that has been acquired legitimately.

US agency employees let invented woman expert into the network
Once again, and more … More

Microsoft and Facebook start Internet-wide bug bounty program

Dubbed The Internet Bug Bounty, it is sponsored by the two Internet giants and is aimed at anyone who discovers vulnerabilities in a series of open source programming languages, web apps, software, app frameworks, HTTP servers, as well as the OpenSSL implementation, Chrome, IE, Adobe Reader and Flash sandboxes, and the “Internet” in general. To participate, the hackers / submitters will have to create an account that will require them to enter a name (or … More

Microsoft widens pool of submitters to its bug bounty programs

Microsoft might have been a late starter when it comes to bug bounties, but it is continually making changes aimed at making its bug bounty program as accessible, as rewarding, and as successful as it can be. The latest change makes it possible for more people, such as forensic experts and responders, to submit new mitigation bypass techniques and defensive ideas. “We are going from accepting entries from only a handful of individuals capable of inventing … More

Week in review: Dangerous vBulletin exploit in the wild, Blackhole exploit kit creator arrested

Here’s an overview of some of last week’s most interesting news, videos, interviews and articles:

How to establish trust in the cloud
In order to enforce corporate security policies in the cloud, IT needs to know (1) who is accessing and sharing (2) what documents (3) in which cloud storage service, and (4) that the cloud provider cannot override policies established by the business or access the data itself.

Vulnerable and aggressive adware threatening millions … More

Google offers rewards for code improvements to open source programs

Google has announced that they plan to reward researchers who aim to “improve the security of key third-party software critical to the health of the entire Internet” with “down-to-earth, proactive improvements that go beyond merely fixing a known security bug.” The open source projects for whose patches researchers can get rewarded are currently core infrastructure network services such as OpenSSH, BIND, ISC DHCP; image parsers such as libjpeg, libjpeg-turbo, libpng, giflib; open source foundations of … More

Microsoft hands out $128k in bug bounties

As the date of the release of the final version of Internet Explorer 11 for Windows 8 and RT draws near, Microsoft has announced that it has paid out over $28,000 to six researchers who have successfully participated in the month-long bug bounty program for IE 11. Launched on June 26 and set to last until July 26, the aim of the program was to receive information about vulnerabilities while the new version of the … More

Google increases rewards for Chromium bug reports

It has recently been proved that setting up bug bounties is a cheaper option than hiring full-time bug hunters, and Google’s two bug bounty programs – Google Web and Chromium – have proved to be a great choice for the company. According to the researchers, one of the factors in the success of the Chromium bug bounty initiative is that the majority of the rewards are for only $500 or $1,000 and larger rewards are … More

Bug bounties are cheaper than hiring full-time bug hunters

Software companies that have instituted bug bounties are on the right track, a recently published report by researchers of the University of California, Berkeley computer science department has shown. Vulnerability rewards programs (VRPs) are 2 to 100 times more cost-effective than hiring expert security researchers to find vulnerabilities, they say, and by comparing the Chrome and Firefox VRPs, they have pointed out why the former is more effective than the latter. In order to perform … More

Week in review: Microsoft bug bounties, NSA, GCHQ surveillance, and the new issue of (IN)SECURE Magazine

Here’s an overview of some of last week’s most interesting news, interviews, articles and reviews:

Account takeover attempts have nearly doubled
ThreatMetrix announced its Cybercrime Index, a series of Web fraud data aggregated from 1,500 customers, 9,000 websites and more than 1.7 billion cyber events.

British GCHQ spied on G20 delegates to gain advantage in talks
The British GCHQ has monitored computers and intercepted phone calls made by the foreign participants of two G20 summit … More

Microsoft to pay up to 150k for vulnerabilities

After years of saying that bug bounties are not the best way to go about getting crucial product vulnerability information in the long run, Microsoft has done an about-face and has announced three separate bug bounties. Starting with June 26, the company will be rewarding researchers with up to $100,000 for discovering and reporting “truly novel” exploitation techniques against protections built into the latest version of their OS (currently Windows 8.1 Preview), an additional $50,000 … More

Google ups (some) bug bounties

Google has once again decided to raise the sums that researchers can earn by offering information about bugs in the company’s web services and properties (YouTube, Blogger, Orkut, Google Search, and so on). Information about cross-site scripting (XSS) flaws on accounts.google.com is now worth $7,500 (used to be $3,133.7), that on Gmail and Google Wallet bugs is now $5,000 (previously $1,337). XSS vulnerabilities on other properties, which were previously worth $500, are now rewarded with $3,133.7, … More

Mega pays out first batch of bounties, its crypto still intact

Mega, the file hosting service and successor to Megaupload founded by Kim Dotcom, recently instituted a bug bounty program that should help keep the service and its users safe from a variety of security-relevant or design flaws. They offered rewards of up to 10,000 Euros per bug, depending on its complexity and impact potential, and have also offered the maximum reward for anyone who can break Mega’s open source encryption scheme. A little over … More