Topic: Bounty Special Announcements (Read 915 times)
Your password system is bugged ?, i am getting redirect to password page again and again whenever i try to save it.
UPDATE
We continue to be surprised by the valuable responses from all corners of the community.
Since we presented and met many of you at the Bitcoin Conference in San Jose in May,
the feedback has gotten even better.
* Feature Requests
* UX / UI
* Ideas for the API https://github.com/pikapay/pikapay-api
* Other ideas
Last but not least, security.
As PikaPay improves, we will remain concentrated on security. Since our last public security
report, we received notice of three XSS risks which we have patched.
At his request we publicly acknowledge Sahil Sehgal, one of the two investigators
who received bitcoin rewards for reporting these vulnerabilities.
An additional report related to CVE-2009-3555 and BEAST is worth mentioning.
As always we investigated this issue very carefully, but it was not a viable attack
and did not officially qualify for a bounty. We still decided to make an exception
and pay out an unofficial reward in this case because we appreciated the time
and attention and the additional insights behind the scenes that the contributor
provided. We hope to hear more from him the future.
We view security as an ongoing effort, and appreciate the ongoing attention received from the security community.
PikaPay thanks everyone who contributed so far. We intend to keep this program running
and to disclose the results to make the community safer.
Whether you have or haven't found anything thus far, your work
is appreciated. We encourage you to keep looking and testing PikaPay.
PikaPay
The PikaPay bounty program is still running: bit.ly/14J1YZz
We are aiming to make PikaPay one of the most secure Bitcoin services available because we believe security is one of the keys to our mission -- to bring the benefits of Bitcoin to everyone.
[email protected] is the address of PikaPay's security team.
Since PikaPay launched our bounty program on March 18, we've been astounded by the wonderful feedback. Security specialists from all corners of the Bitcoin world have responded with excellent suggestions.
While the program continues we have 2 Special Announcements:
Quote
1 ) A vulnerability was reported less than 2 hours after we announced the bounty. The vulnerability could allow account recovery information to be updated from the browser without re-entering a password.
PikaPay uses 2 factor authentication, which may have frustrated an actual exploit of the vulnerability. Still, this was a great find (and fast!) and it qualifies for a reward. We fixed the bug immediately, and have had the fix independently verified.
While the security researcher who reported this issue asked to remain anonymous, he's clearly one of the sharpest and fastest around. We're glad to have him in the community.
PikaPay uses 2 factor authentication, which may have frustrated an actual exploit of the vulnerability. Still, this was a great find (and fast!) and it qualifies for a reward. We fixed the bug immediately, and have had the fix independently verified.
While the security researcher who reported this issue asked to remain anonymous, he's clearly one of the sharpest and fastest around. We're glad to have him in the community.
Quote
2 ) We also want to acknowledge the excellent tips provided by the Bitcoin Police.
These guys are a valuable resource to the community and deserve to be commended for their great contributions. See irc.freenode.net #bitcoin-police or http://bitcoinpolice.org/ if you don't know them yet.
These guys are a valuable resource to the community and deserve to be commended for their great contributions. See irc.freenode.net #bitcoin-police or http://bitcoinpolice.org/ if you don't know them yet.
Last but not least: The PikaPay bounty program is still running. bit.ly/14J1YZz
We are aiming to make PikaPay one of the most secure Bitcoin services available because we believe security is one of the keys to our mission -- to bring the benefits of Bitcoin to everyone.
[email protected] is the address of PikaPay's security team.
If you're not interested in the bounty and just want to beta test PikaPay, mail [email protected] and come check it out. We're hard at work to make PikaPay into something unique, and any suggestions, questions and critique are very important to us.
Keep up the great work!
PikaPay
PikaPay Bounty Program: bit.ly/14J1YZz
Jump to: