Title: [BOUNTY] PikaPay Special Announcements
Post by: pikapay on September 08, 2013, 11:08:03 AM

PikaPay's vulnerability bounty program continues. Many of the valuable contributions you've sent in are inspiring and keep us moving forward! We believe security is one of the keys to bringing the benefits of Bitcoin to everyone. To that end we hereby gratefully acknowledge the issues reported and resolved since we made our last acknowledgements on 14 July.

* URL validation error involving OAuth Redirect
  Reported by Charlie Briggs
* Session expiration error on logout
  Reported by Satish Bommisetty
* Clever social engineering exploit via parameter variable manipulation
  Reported by Ben Holden-Crowther
* Force logout exploit
  Reported by Nitesh Shilpkar
* Cookie was found that required secure + HTTP only flags
  Reported by Shubham Raj

Each of the issues listed here qualified for a bounty to the individual who first reported them. Each issue has been carefully investigated and resolved. We are very grateful to the security researchers who spotted them. We see security as a project that requires continuous improvement above almost every other priority, and we appreciate the ongoing attention received from the security community.

PikaPay thanks everyone who contributed so far. We launched this program on March 18 (one of the first Bitcoin services to do this). We intend to keep this program running and to disclose the results to make the community safer. Whether you have or haven't qualified for a bounty so far, your work is appreciated. We encourage you to keep looking and testing PikaPay.

PikaPay Security@pikapay.com is the address of PikaPay's security team. The bounty program rules are here: bit.ly/14J1YZz

Even if you're not interested in the bounty, please come check out PikaPay.com (http://PikaPay.com). We have a full and open API with documentation at Github.com/PikaPay (http://Github.com/PikaPay). We welcome suggestions and critique.

We still have a lot of improvement coming. We're hard at work to make this service into something unique, and any suggestions, questions and critique are very important to us. Write to us: hello@PikaPay.com