Black cards for "white hats"
Facebook began to send hackers who participate in the program to find bugs for money, branded debit cards in black . It is on them that the fee is charged. The cards are “anonymous”, instead of the owner’s name, the name is BUG BOUNTY.
Cards of such a rare series are valuable in their own right as a souvenir.
Some companies pay rewards for found vulnerabilities in their products. In addition to Facebook, Mozilla, Google, Yandex and others do this. For individual independent security professionals, these programs are a stable source of income. For example, the Russian Sergei Glazunov has already become a legend in the Google security department, he has reported several dozen serious bugs and has earned about $ 80,000 so far. And this is only in one program.
')
Sergey Glazunov is not the only one. For example, Polish hacker Szymon Gruszecki also received such a card from Facebook as a regular payee for the program
Facebook started paying hackers in the summer of 2011. The minimum payment for the vulnerability is $ 500 (XSS, CSRF / XSRF, injecting), but they can pay more for specific bugs.
American first-year student Neil Poole also participates in the Facebook, Google and Mozilla payments program, and after closing the holes, he publishes reports on his blog. He was recently sent the same card issued by JP Morgan Chase Bank - and he goes to the local branch of this bank in order to periodically transfer money from the card to his main account. According to Neal, at first he had difficulties, because none of the employees had ever seen such a card. The student says that he will never take this card to a hacker conference like Black Hat or DefCon and in no case will it be calculated by it. After all, such a thing can become a real rarity in hacker circles and it must be cloned.
Cards of such a rare series are valuable in their own right as a souvenir.
Some companies pay rewards for found vulnerabilities in their products. In addition to Facebook, Mozilla, Google, Yandex and others do this. For individual independent security professionals, these programs are a stable source of income. For example, the Russian Sergei Glazunov has already become a legend in the Google security department, he has reported several dozen serious bugs and has earned about $ 80,000 so far. And this is only in one program.
')
Sergey Glazunov is not the only one. For example, Polish hacker Szymon Gruszecki also received such a card from Facebook as a regular payee for the program
Facebook started paying hackers in the summer of 2011. The minimum payment for the vulnerability is $ 500 (XSS, CSRF / XSRF, injecting), but they can pay more for specific bugs.
American first-year student Neil Poole also participates in the Facebook, Google and Mozilla payments program, and after closing the holes, he publishes reports on his blog. He was recently sent the same card issued by JP Morgan Chase Bank - and he goes to the local branch of this bank in order to periodically transfer money from the card to his main account. According to Neal, at first he had difficulties, because none of the employees had ever seen such a card. The student says that he will never take this card to a hacker conference like Black Hat or DefCon and in no case will it be calculated by it. After all, such a thing can become a real rarity in hacker circles and it must be cloned.
Source: https://habr.com/ru/post/134611/
All Articles