Search - "bounty"
C: "hey, we've seen the ticket resolved with a bug bounty rewarded to you! congratulations!"
C: "we've talked about it today on our meeting and think we deserve 85% - since it was discovered by you while working on our contract and system!"
That was so bizarre to me and I was speechless for a good 10 minutes, didn't even have any witty reply afterwards.
I just cancelled the contract, reported the client to my middleman, explained it to the on-site business contact and requested the final milestone to be released with one week notice until it gets to be a public case if not released through escrow.
I'm still somewhat shocked at how greedy one can be, the whole system package I was working on had estimated 150-300k post first week launch (tons of existing clients merged and unified into one system, with much more paid and feature stuff etc.), the bounty I got was around 3.5k, it still didn't sink in me.
So I haven't touched code in 2 days now.
Main reason is Elite Dangerous.
I bought it for 5$ and I knew I would love it from trailer and from videos but man I didn't know shit about it.
So you start up and you don't even know how to control the ship so you launch tutorials which takes about 1 day to complete them.
Now you are ready.
But damn is the game hard and just awesome.
I love No Man's Sky but damn this is next level stuff.
I'm in love with this game.
I can fucking bounty hunt other real people to make living in the game.
How fucking crazy is that ?
You want to destroy somebody ?
Go ahead but expect 20 people trying to kill you after that.
Don't like shooting ?
Go do mining.
Don't like that too ? (You are crazy)
Go trading some shit.
This is just one fucking glorious game !!!
A few days back I read an article about ethical hacking and getting rewarded with bug bounties. I thought that might be interesting.
I'm about to send out my first ethical hack report to a company! I'm nervous because I don't know how they'll respond. It's an XSS vulnerability, and I really hope they'll fix it.
"One misstep from developers at Starbucks left exposed an API key that could be used by an attacker to access internal systems and manipulate the list of authorized users," according to the report of Bleeping Computer.
Vulnerability hunter Vinoth Kumar reported it, and Starbucks later responded, calling it a "significant information disclosure" that qualified for a bug bounty. Along with identifying the GitHub repository and specifying the file hosting the API key, Kumar also provided proof-of-concept (PoC) code demonstrating what an attacker could do with the key. Apart from listing systems and users, adversaries could also take control of the Amazon Web Services (AWS) account, execute commands on systems and add or remove users with access to the internal systems.
The company paid Kumar a $4,000 bounty for the disclosure, which is the maximum reward for critical vulnerabilities.
Interesting thing. Ya know how when turning on your phone's hotspot it has to verify that you are in fact allowed to use a hotspot. Well if you have Unlimited Data like myself, hotspotting is not allowed. HOWEVER, if you spam the hotspot button, it, after several tries, gives up and lets you hotspot. THIS IS MY LITTLE TRICK. NO BUG BOUNTY. BESIDES, you'd need my carrier.
A story from back when I was looking for a new job,
tl/dr, I didn't see that coming, and I don't think I would trust any recruiter ever again,
It all started when I accidentally stumbled upon a blog/job hunting site which I joined because it looked cool, as I was looking at the job postings, I got an email from a recruiter from the site, she checked my linkedin and asked if I would like any assistance to a personalized job hunting process, the message sounds like a template, so I thought it was a spam, I ignored it at first,
Next day, the recruiter emailed me again asking about yesterday's email, there was no harm I thought, so after a brief exchange of information, I gave my cv, and I was to be contacted by another recruiter who is more specialized to my preference,
Shortly, another recruiter contacted me and asked for an online session, I agreed and we talked through skype, we had a bit of lengthy discussion, past experiences, technology, people I worked with, etc, and potential job openings, by the end, he decided that there are 3 suitable ones and we'll try them one by one, first one is a startup in europe,
Within a couple of days I was set up on an hr interview from the company, usual hr stuff, why going abroad, experiences, technologies, next recruitment process, etc,
The next in line was a technical interview with one of the devs, pretty cool guy, I answered all of the technical questions properly, overall I think I managed to impress him,
After that I got a take home test, to make a simple app in react native, lucky for me it was a public holiday the next day after I got the test, so I can focus on it, I finished and submitted it later by the end of the next day,
A week goes by, and an email from the hr came, they decided not to hire me because they already hired someone else, I politely thanked them for their time, and sent my regards,
The hr emailed back ensuring that there's no problem with me in terms of technical skill or as a person, it's just by the time I entered the process, there is someone who is already in the end of the recruitment process,
At the end the hr mentioned that if I would be okay with it and if there's another position open, we can pick up from where we left off, I said yes (probably was just lip service anyway)
Another week passed by, and there's no news from the recruiter, so I sent an email about the interview and asked about the remaining job posting,
Surprise, he said that the company could not be contacted, he tried contacting the hr and the ceo but there was no response, he would try to settle this first at the time, "I'll keep you posted" he said,
More than a month passed by and I asked for an update, same reply,
"Still no news from them"
"I cannot contact any of them"
"It's driving me crazy"
"Maybe you can try contacting them yourself if you find them on linkedin"
"Since we referred you to them, so it's still tied to us"
....well, what the fuckery? I went from a job hunter to a bounty hunter? I already mentioned that they rejected me (aside from the future prospect offer from the company),
I replied that at this point I would prefer to look at other opportunities, he never replied back, soo, that's one prospective relationship down the drain then,
My guess is that the company probably didn't want to pay for recruitment fee, since they mentioned a "next time" offer for me, and probably the recruiter caught up on it, my application status on the site is still "interviewing" up until now, and it has been more than 6 months since then,
Not sure who's at fault here, but I sure as hell can't & won't use the site again,
CEO announced a bug bounty programme for devs to do stuff in their free time for additional cash.
Cash is decided by business people based on their idea of how complex the given problem is.
And it's not for bugs one could just find and fix. Only some fixes/features decided by them.
Like second shift.
Dear EU haters, it seems you have reasons to forgive European Beast some of its sins. EU wants to pay some coins for a bug bounty on FOSS. List includes KeePass, VLC, PuTTY, 7-Zip and Tomcat.
So today I woke up at 6 am to participate in a network stress test
There is this bounty based company that allows you to participate without any real contract, but it pays a fixed amount, it's a legit thing and everything, it all went nice and smooth
150€ for waking up at 6 am, pressing 2 buttons to run my script I made earlier
I crafted my masterpiece question on stackoverflow yesterday, but didn't get enough attention.
However I seen already have the answer.
Should I start a bounty?
Get a comment about do I know it is working? My answer, debugging. They respond back with a question about debugging and some details I totally didn’t read.
Well, that was the bug. Chrome debugger was showing a message I didn’t understand. So they answered my problem perfectly.
But before realizing he answered my issue, I blew up. Of course I know what is going on. The debugger is showing me....did you even run my example?
I almost felt like giving up as a developer. Here is this awesome guy, solving my issue, and some dumbass like me has to be frustrated. Now he won’t respond to take a bounty he so awesomely deserves.
I’m still a dev. I just don’t feel so professional anymore...
The fires in australia killed something like half a billion animals, and it's kind of sad, all that potential barbecue going to waste.
We have the means to solve this. With KNAWWWWLEDGE.
What we do is hook up buckets to a bunch of big ass drones and have some sort of contest to see who can put out the most acreage of fire. People will come from all over for the annual "australian fire olympics."
Shit, put a $1 million dollar bounty on "most acreage put out" stream it on twitch, youtube, netflix, you name it.
Fires would be out in a day or three.
Do you think my credit card company has a big bounty? String formatting really isn't that difficult.
First time ever I put a bounty (Stack Overflow) on my question. Didn't get a satisfactory answer till the end but found out the reputation does get deducted!
Now that I think about it, it makes sense as people might not award bounties to save their reps otherwise.
There is this thing we were able to take at college to get extra UCAS points.
At first I was like "fuck yeah might as well, doesn't seem too hard and it's something I like so I won't be distracted"
Long story short, the website was badly designed. I got distracted. And I found out how to get admin rights over my marks (and rest of my project), and perform an XSS injection.
Currently waiting for them to reply to my email asking about a bug bounty program.
Seriously guys, make sure you do proper server side checks.
Those who are wondering what is that software which is bug free, here is the answer:
TeX is bug free and has a bounty to find bugs.
We need to create a simple form for collecting a few particular people's data for some bounty programme.
Anyway, they come to me, and say that creating this google doc will take them a few minutes and it seems that editing a few divs in the site and creating a second one with another subdomain will do the trick.
I tell them that it will take a lot of time to reverse engineer that compiled react.js website to change a few divs. But they insist.
So we start out, I pop up the terminal, copy over site, add nginx config for it, apply SSL to it, we are already good 5-10 minutes in, first roadblock - CORS. At this point I tell them that with google form they would be already done.
What I hear?
Oh... it makes it easy now.
My internal voice:
next time try to use brain....
I am trying to become a bug bounty hunter on HackerOne. Any tips? I am unable to find bugs.😂