Search - "pakistan"
Watch out for these fucking bug bounty idiots.
Some time back I got an email from one shortly after making a website live. Didn't find anything major and just ran a simple tool that can suggest security improvements by simply loading the landing page for the site.
Might be useful for some people but not so much for me.
It's the same kind of security tool you can search for, run it and it mostly just checks things like HTTP headers. A harmless surface test. Was nice, polite and didn't demand anything but linked to their profile where you can give them some rep on a system that gamifies security bug hunting.
It's rendering services without being asked like when someone washes your windscreen while stopped at traffic but no demands and no real harm done. Spammed.
I had another one recently though that was a total disgrace.
"I'm a web security Analyst. My Job is to do penetration testing in websites to make them secure."
"While testing your site I found some critical vulnerabilities (bugs) in your site which need to be mitigated."
"If you have a bug bounty program, kindly let me know where I should report those issues."
"Waiting for response."
It immediately stands out that this person is asking for pay before disclosing vulnerabilities but this ends up being stupid on so many other levels.
The second thing that stands out is that he says he's doing a penetration test. This is illegal in most major countries. Even attempting to penetrate a system without consent is illegal.
In many cases if it's trivial or safe no harm no foul but in this case I take a look at what he's sending and he's really trying to hack the site. Sending all kinds of junk data and sending things to try to inject that if they did get through could cause damage or provide sensitive data such as trying SQL injects to get user data.
It doesn't matter the intent it's breaking criminal law and when there's the potential for damages that's serious.
It cannot be understated how unprofessional this is. Irrespective of intent, being a self-proclaimed "whitehat" or "ethical hacker", if they test this on a site and some of the commands they sent my way had worked then that would have been a data breach.
These weren't commands to see if something was possible, they were commands to extract data. If some random person from Pakistan extracts sensitive data then that's a breach that has to be reported and disclosed to users with the potential for fines and other consequences.
The sad thing is looking at the logs he's doing it all manually. Copying and pasting extremely specific snippets into all the input boxes of hacked with nothing to do with the stack in use. He can't get that many hits that way.

horrible terrorist attack in Uri, Kashmir.
may the jawans rest in peace 🙏
enough is enough.
time for change ✊

My dream project is something very simple but not yet done in Pakistan.
I want to create a marketplace for musical instruments and related equipment. Currently it's very hard for amateur musicians in Pakistan to find the gear they're looking for, and being one of these musicians myself, I know how frustrating it can be. So it'd be great if I can solve that problem in a country where the government does very little to help independent artists grow.

Well another Satoshi Nakamoto reveal is here and he claims to be a Pakistani!
India vs Pakistan, ICC Champions trophy finals..Sunday..a perfect combo to skip coding for a day..but the way match is turning out is making this day a spoiler :(

Me and my friend are trying to come up with a solution for locust problem..
I decided to make a locust detector using computer vision and he'll make a laser shooter.
Meanwhile in Pakistan they simply paid people to catch locusts and turned them to chicken food.
CS really messed up our ability to think simply.

Have you noticed a change in the typical location of internet/phone scammers from West Africa to Pakistan? All the IRS scammers I've seen have been in Pakistan for example.