Comments on: Bugs Money

By: Jango Fett

Jango Fett — Wed, 21 Dec 2011 02:11:13 +0000

These “bounties” are just spec work moved to a different domain. The scenario is the same as in the creative design world: many toil, few are paid, all are exploited.

Security researchers do have one bit of leverage that artists don’t; they can sell the product of their labors to the black hats. But they have dance carefully to avoid extortion or criminal accessory charges. Still, in the end I think selling to the bad guys is the best way to increase the number of security pros actually hired as opposed to being merely exploited in these contests.

By: JCitizen

JCitizen — Sun, 18 Dec 2011 06:34:42 +0000

Great article Brian! It is so good to see people making a positive difference for once!

By: F-3000

F-3000 — Wed, 14 Dec 2011 13:47:38 +0000

My usual comment for people who tell me that they don’t have Facebook account is “you have lost nothing”.

What I find rather negative aspect, is that there’s a lot of site specific forums, yet people use only facebook groups when/if one is created.

Why it is not good that the facebook group is more used than a site forum?
Firstly, Facebook is not safe media. As a mere example, a browser-addon meant to be a FB-game tool, may reveal basically anything that’s written in a closed group, if the tool’s written badly, or if it’s purposely malicious. Less likely to happen when the game-site, and the forum are on different source.
Secondly, Facebook is not stable media. Those who are members of groups, and especially those who are admins of groups, remember too well about the group-renewal of Facebook, which happened short ago. A lot of groups went to “archives”, because the updating system did not even work for those who did not use english as FB language, until it was too late. On occasion, groups, or even user-accounts, go missing or unaccessible without clear reason about what has happened.

By: geeknik

geeknik — Tue, 13 Dec 2011 19:43:29 +0000

I’ve made some quick cash through Google and Mozilla’s bug bounty programs, but I didn’t know about Facebook, CCBill and Piwik. Time to get cracking, so to speak.

By: helly

helly — Tue, 13 Dec 2011 15:26:07 +0000

I was lucky enough to find a vuln in google search a few months back, I thought the hall of fame was a neat idea. I love this card idea, it continues to make it interesting for researchers to report vulnerabilities in ways a company desires.

These programs I think are extremely beneficial, and it would be exciting to see more companies continue to emulate these models.

By: Jay Wocky

Jay Wocky — Tue, 13 Dec 2011 15:05:20 +0000

I don’t recall invoking ignorance to excuse my Facebook-o-phobia. Indeed, my avoidance of FB et al. simili is based in considerable research and anecdotal evidence.

As for fear, well: I walk generally without fear. But I stay off of tight ropes with the same mindset that eschews social networking. Thus far, neither abstinence seems to have narrowed the universe for me. Rather, I reap the benefit of time to spend on better things.

By: steve

steve — Tue, 13 Dec 2011 14:32:17 +0000

@Datz – yes, go out into the cyber world, but NOT fearlessly. Ask any hero – they felt the fear and did it anyway. Fearless leads to foolish risk, not prudent behavior.

By: BrianKrebs

BrianKrebs — Tue, 13 Dec 2011 13:19:33 +0000

Thanks, Michal. Fixed that.

By: Datz

Datz — Tue, 13 Dec 2011 11:25:41 +0000

Would you also stop walking because you fear you may fall down? Ignorance is no excuse; arm yourself with the knowledge and go out fearlessly in this cyber world.

By: Michał

Michał — Tue, 13 Dec 2011 11:24:39 +0000

There is a typo in the Niebezpiecznik’s URL – you forgot http Brian, link doesn’t work.
Glad to see Niebezpiecznik here, they are quite popular in Poland, educating in itsec.