Search - "bug bounty hunter"
"One misstep from developers at Starbucks left exposed an API key that could be used by an attacker to access internal systems and manipulate the list of authorized users," according to the report of Bleeping Computer.
Vulnerability hunter Vinoth Kumar reported it, and Starbucks later classified it as a "significant information disclosure" that qualified for a bug bounty. Along with identifying the GitHub repository and specifying the file hosting the API key, Kumar also provided proof-of-concept (PoC) code demonstrating what an attacker could do with the key. Apart from listing systems and users, adversaries could also take control of the Amazon Web Services (AWS) account, execute commands on systems, and add or remove users with access to the internal systems.
The company paid Kumar a $4,000 bounty for the disclosure, which is the maximum reward for critical vulnerabilities.
Apple paid bounty hunter 18k instead of 250k by silently tweaking their help page, so it seems like the bug is less severe.
Dear Apple, I defended you from baseless and opinionated attacks just like I defend every company that is bashed for no reason, but this is some straight up bouba shit. I will still be fair when it comes to your products, still never silencing bugs and downsides and praising what deserves to be praised, but I will always mention this incident when someone asks me about _working_ at Apple. That kind of ethics BS can't be silenced just because I enjoy your new ARM chip.
https://thezerohack.com/apple-vulne...
Hey everyone,
I am trying to become a bug bounty hunter on HackerOne. Any tips? I am unable to find bugs. 😂