Topic: How best to report vulnerabilities? (Read 659 times)

I still don't get why op is disturbing the casino team. Does he want to te us that the tell are not aware about the bug? Let me tell you having bug in the system is not always the problem, sometimes it is left that way to test the nature of the system in asmuchas it does not have any issue with the casino. The users interface is a very important thing that is mostly important and once that is done then other small small bugs should not be a problem.
 
If op continues to pressure the team about it, they may think he is trying to imform them so that he might ask for compensation at the later end.

For these cases, my main objective is to reach the casino's management. But the first challenge here is the support. If you told it to a close-minded support agent, most of the time you will get a response just like what you had. They will not understand your concern and will give you some guff sentences, sometimes they even use their canned messages in the wrong way.
So if you are really into it, try messaging them again at a different time, hope you got another support agent which has an open mind when it comes to these cases.

Yeah so with multiple reports to moderators to lock the thread, within the short time, the thread should have been locked by the moderators.
The thread has generated enough discussion and suggestions that are not only helpful to ops, but to the rest of us, we have all learned something from the responses of others here on this thread

Is it still should be continued the discussion where the OP created his account on January 20 and last active on 21 January? I don't think he will come again to check the discussion that we have described here.

So It should be stopped I think and it's already enough what we have made.

Is it still should be continued the discussion where the OP created his account on January 20 and last active on 21 January? I don't think he will come again to check the discussion that we have described here.

So It should be stopped I think and it's already enough what we have made.

I suppose most casinos somewhere on their TOS have a clause which allows them to void any profits the player may have gotten if they were exploiting a bug, so I doubt this is something advisable to do as you will risk your account getting banned by doing this.

I still think there is not much for the OP to do as if the developers of the casino do not even want to listen to a bug report, the OP should simply move on and let them to suffer the consequences of their carelessness.

So I discovered a bug affecting a mode of play at OwlGames casinos that results in certain games rewarding more money than they should.  I tried to report it to OwlGames but was told that they have no bug bounty program and to "enjoy the bug" (not kidding).  (of course their docs say that any "exploit" can result in not being paid out, but it's not an exploit if it's simply how things run under the given conditions - not that that would stop them from screwing someone over I'm sure)

Their poor attitude certainly doesn't do much to make me want to help them out anymore although that was my intent.  

But since it is only certain games, from 1 provider, should I try to contact that provider instead?  It's possible I imagine that it's not just OwlGames that might possibly lose money to the issue, though I really don't know.

I guess since these are casinos, losing a couple hundred to a few players every few days that would otherwise not have won anything maybe is just a drop in the bucket.  But I found it so strange that they immediately just alerted me that they have no bounty program.  Aren't casinos supposed to be pretty protective of their money even if they have a ton of it?  

Anyone else have any experiences of trying to report issues like this?  I want to be rewarded for my time verifying the issue without taking advantage of it and alerting someone about it, too, so I'm also just worried about giving the info out and having them come up with some excuse like "oh it just needed a restart it's fine now, that's not a bug."

That's the problem if you got got the right person from the team because if you don't then there's a possibility that the person you contacted might have used the bug and if you also did take advantage of the bug and that person found out about it then you will be most likely getting banned for that reason. It is also what comes to my mind when reporting vulnerabilities which is getting paid more like a bug hunter if you ask me.

How best to report vulnerabilities?

Their poor attitude certainly doesn't do much to make me want to help them out anymore although that was my intent.

It's better if you make a comment to their thread here in the community and wait for their response if that bug doesn't have affection with the transaction and abuses the current system of their current platform I guess they will just ignore those but if you see that as critical might damage and make them lose a lot of money I guess that's the time they make an action. Better to contact their email or just the moderator in the chat if they have.

The first thought that comes to mind about reporting vulnerabilities is "getting paid for it"  It is easy to report a vulnerability, just ask the desktop service of the site how to do it and where would you email be directed. Do not just send a report to any email, as sometimes employees use vulnerabilities, just make sure it reaches the right person in the team.

I suppose most casinos somewhere on their TOS have a clause which allows them to void any profits the player may have gotten if they were exploiting a bug, so I doubt this is something advisable to do as you will risk your account getting banned by doing this.

I still think there is not much for the OP to do as if the developers of the casino do not even want to listen to a bug report, the OP should simply move on and let them to suffer the consequences of their carelessness.

There's nothing you can do mate since they didn't think that you are serious about the bug that you found. Since they explained it to you that they don't have bug bounty running up. Well, it's up to you either to take advantage of the bug and won more money than it should have and good luck about not getting found out that you exploited a bug. Maybe try to make some copy or an evidence that they told you to enjoy the bug. I can also think that it could be an event of some sort if you ask me but who knows what it really is what is the situation.

I suppose most casinos somewhere on their TOS have a clause which allows them to void any profits the player may have gotten if they were exploiting a bug, so I doubt this is something advisable to do as you will risk your account getting banned by doing this.

I still think there is not much for the OP to do if the developers of the casino do not even want to listen to a bug report, the OP should simply move on and let them suffer the consequences of their carelessness.

There's nothing you can do mate since they didn't think that you are serious about the bug that you found. Since they explained it to you that they don't have bug bounty running up. Well, it's up to you either to take advantage of the bug and won more money than it should have and good luck about not getting found out that you exploited a bug. Maybe try to make some copy or an evidence that they told you to enjoy the bug. I can also think that it could be an event of some sort if you ask me but who knows what it really is what is the situation.

If ops have tried to reach out to tge casino involved via their support and there is no positive response, i think ops should contack tgem again, may be busy or there have not find their way around the situation so their team are just using the delayed tactic for the players so that he will not expose the venerabilities.

If ops have tried to reach out to tge casino involved via their support and there is no positive response, i think ops should contack tgem again, may be busy or there have not find their way around the situation so their team are just using the delayed tactic for the players so that he will not expose the venerabilities.