SoylentNews is people

posted by n1 on Tuesday June 09 2015, @08:01AM
from the game-changing-rule-breakers dept.

The New York Times has published an interesting article about Hacking as a business:

In 2011, two Dutch hackers in their early 20s made a target list of 100 high-tech companies they would try to hack. Soon, they had found security vulnerabilities in Facebook, Google, Apple, Microsoft, Twitter and 95 other companies’ systems.

They called their list the Hack 100.

When they alerted executives of those companies, about a third ignored them. Another third thanked them, curtly, but never fixed the flaws, while the rest raced to solve their issues. Thankfully for the young hackers, no one called the police.

Now the duo, Michiel Prins and Jobert Abma, are among the four co-founders of a San Francisco tech start-up that aims to become a mediator between companies with cybersecurity issues and hackers like them who are looking to solve problems rather than cause them. They hope their outfit, called HackerOne, can persuade other hackers to responsibly report security flaws, rather than exploit them, and connect those “white hats” with companies willing to pay a bounty for their finds.

In the last year, the start-up has persuaded some of the biggest names in tech — including Yahoo, Square and Twitter — and companies you might never expect, like banks and oil companies, to work with their service. They have also convinced venture capitalists that, with billions more devices moving online and flaws inevitable in each, HackerOne has the potential to be very lucrative. HackerOne gets a 20 percent commission on top of each bounty paid through its service.


  • (Score: 2) by mtrycz on Tuesday June 09 2015, @09:07AM

    by mtrycz (60) on Tuesday June 09 2015, @09:07AM (#194019)

    Out of curiosity: how many years ago did this happen?

    Random thought: "it was a feature"... was it a backdoor?

    --
    In capitalist America, ads view YOU!
  • (Score: 2) by MichaelDavidCrawford on Tuesday June 09 2015, @09:44AM

    by MichaelDavidCrawford (2339) <mdcrawford@gmail.com> on Tuesday June 09 2015, @09:44AM (#194025)

    I can see the argument for it being a feature.

    Consider that I wrote a dozen-line remote root exploit for A/UX 2.0 back in 1990. The A/UX team refused to fix the hole when I pointed it out because, as they claimed, that hole had to be there for A/UX 2.0 to work at all.

    After I attached the exploit source to a Radar report, I emailed a whole bunch of people and said "The United States Air Force isn't going to want to pay us seventy million dollars for a product with this kind of their security."

    Their response? "We'll let the Air Force take care of it."

    It wasn't fixed until A/UX 3.0. I don't know how it was really fixed but I've thought of all kinds of ways I could fix it in a day or so of work.

    --
    Yes I Have No Bananas. [gofundme.com]
    • (Score: 2) by mtrycz on Tuesday June 09 2015, @11:20AM

      by mtrycz (60) on Tuesday June 09 2015, @11:20AM (#194036)

      Yeah, but how old is your bug report?

      --
      In capitalist America, ads view YOU!
      • (Score: 2) by MichaelDavidCrawford on Tuesday June 09 2015, @01:30PM

        by MichaelDavidCrawford (2339) <mdcrawford@gmail.com> on Tuesday June 09 2015, @01:30PM (#194059)

        It's a fundamental design flaw, not just a simple bug.

        --
        Yes I Have No Bananas. [gofundme.com]
        • (Score: 1, Funny) by Anonymous Coward on Tuesday June 09 2015, @03:12PM

          by Anonymous Coward on Tuesday June 09 2015, @03:12PM (#194099)

          This. Sometimes it is a design flaw. "There is a hole in the side of the car, which has no locking mechanism, and placing sugar into it halts vehicle operation." "It will be fixed next version."

        • (Score: 2) by mtrycz on Tuesday June 09 2015, @07:25PM

          by mtrycz (60) on Tuesday June 09 2015, @07:25PM (#194208)

          Yea, but for how much time has this company ignored this security-critical design flaw? Months? Years?

          --
          In capitalist America, ads view YOU!