Source code essentially runs a program, be it a webpage or an app. So when that code is made available to the public, it not only opens the door to copycats, it gives competitors and hackers a look under the hood. Thankfully for Twitter, the person who found a security flaw that left the source code for its short-form video platform vulnerable didn’t have nefarious plans. And now he’s on the receiving end of $10,000.
Mashable reports that the white-hat hacker, who goes by the pseudonym “avicoder,” received a $10,080 “bug bounty” from Twitter for uncovering the security flaw that could have allowed ne’er-do-wells to make an exact replica of Vine to phish other users.
The hacker, who detailed his findings in a blog post, says he uncovered the issue while looking for vulnerabilities with a network-scanning search engine.
He found that he was able to download Vine’s entire source code through a public Docker image and use the code to host a replica of the service locally.
The India-based hacker says that he has found 15 other bugs in Twitter so far, and has received other bounties from the company.
Twitter announced in May that it had paid out a total of $322,420 to researchers for uncovering flaws in its products. The highest payout was $12,040, Mashable reports.
Twitter awards $10,080 to hacker for discovering security flaw in Vine [Mashable]