Comments
-
1 - jail
2 - no
3 - yes*
4 - yes*
* if you're a security expert stick to 3
If not, try 3.
-
@devTea unfortunately that's true. Read some articles about white-hats in Russia reporting an exploit and being jailed.
(I know, Russia and white-hats. Doesn't sound credible.)
-
You folks will end up in jail as examples.
You can look around for potential breaches but for fuck sake stop exploiting it... Don't be a fool thinking they'll greet you with « hey nice job bruh, enjoy our service is free foreva' ».
It's a bad time for dicking around.
Come into the field if you like pentesting.
-
Wolle915 (6y): Create a new throwaway e-mail address. Tell them about the bug. Forget about it. Maybe take another free meal as "compensation".
-
Ederbit726 (6y): Send them an anonymous email with the bug details, a demonstration, and instructions on how to donate with bitcoin.
-
I've scammed a whole bunch of burritos out of one app. It seems to give me more reward points each time (as if I'd bought one) instead of taking them away (spending on the free one). I didn't do anything to hack it, and it's survived a change of phone, but it hasn't worked for colleagues.
-
spacem1836 (6y): I suggest #2. What you are doing is still theft. Would you take food without paying in a restaurant?
-
Condor32332 (6y): Depends on the company. If they have a bug hunter program, by all means report it and give them their 3 month nondisclosure time. If not, I've found from experience that some companies tend to get way too much up their own ass about these things and try to sue you even if you do the whole disclosure right, with the best intentions. Ass-coverage of incompetence and so forth. It's what required me to drop out of school. Nowadays I'd first ask them about how they deal with security vulnerability reports and make them sign a contract stating no legal action will be taken as long as industry standards are abided by. The competent ones might sign it, giving you the ass-coverage from them you need. Then privately report.
In general though, assume that most companies - especially the small ones - are beyond hope in this regard...
-
Condor32332 (6y): @Nanos banks too. I've heard a fair few stories in which they love using their lawyers instead of getting some proper security folks on their legacy crapware.
-
Condor32332 (6y): @Nanos Haha, libraries, yeah. I had a few occasions in which I forgot to bring back a book, saw it getting expired.. and nothing happened. Makes you wonder just how much that "registration before lending" is really worth... Heck, even without all of that crap, if you're not a member, just take a book and put it in your backpack, you could easily get away with that.. incredible how they even still have books at all. The moral compass of people that visit libraries is far stronger than libraries' security I guess.
Rant
I found a vulnerability in a food delivery app API that allows me to add credit to my account. I ate my first free meal today but I feel bad about it. What should I do 😞.
1 - continue hacking free credit and eating free food.
2 - stop and forget I found this bug
3 - report the bug in exchange for money/credit
4 - report the bug for free