20: Bugging Out Over Bounties
What’s been bugging the team recently? Slack’s bug bounty – if it can even be called that – causes some consternation in this episode and raises serious questions about bug bounty programs. The bug in question was classified as a ‘critical’ RCE vulnerability and yet the researcher who discovered it only got $1750. Yup, you read that right. Apparently doing the right thing doesn’t always pay, but if you’re like Kev you might end up with some free chicken or a heartfelt ‘thank you’. We’re absolutely certain that such rewards are enough to keep people on the responsible disclosure side of the fence…
Also covered in this episode is the strange news that a Russian national was arrested for trying to convince a Tesla employee into installing malware onto the company’s network for the tasty sum of $1m. Color us intrigued…
***
Slack Bug Bounty:
Tesla Hacking Plot:
https://www.zdnet.com/article/elon-musk-confirms-russian-hacking-plot-targeted-tesla-factory/