Title: Is Security Bounty still Active?
Post by: blue Snow on July 29, 2021, 12:05:13 AM

What kind of vulnerability security bounty hunter got $19 000?
https://bitcointalk.org/sbounties.php

When I look at the Meta board, there are a lot of threads wanting to recover hacked accounts; this means lots of hackers with technical skill are hanging out here. What does he get? Nothing, just an account tagged as hacked which can't do anything here. Hackers can get more than that.

Quote
but don't forget

Quote
You must not publish it elsewhere or share it with anyone else.

even on meta though good luck

Title: Re: Is Security Bounty still Active?
Post by: jackg on July 29, 2021, 01:09:10 AM

I'm not sure on the architecture of Simple Machines forums/and this one specifically, but a lot of user account hackings can occur from people using weak passwords. I'm not sure I want to cover the details on how to do this without or with the database, but it's possible either way if the passwords used aren't very advanced - especially if a user lists the country they're from or you can guess the country/area. It could also be possible to send a phishing link to someone's email and get them to log in/interact with it to get access to their email and/or their account.
I think I'd agree that the bug bounties might be a bit low - potentially the JavaScript one if you can inject a photo that is able to deanonymise someone even just on one particular browser - but I'm not sure of the best way to increase them either, or whether it's even a good idea to (should you wait with a vulnerability you've found because you think the rates will go up again?)