Topic: How best to report vulnerabilities? - page 3. (Read 659 times)

well Bug reporting does not mean we must be rewarded but for the team/casino side? giving at least generosity for people trying to help them out is better instead of just ignoring those people effort .
Bug is really something that must be addressed and even some big site are asking for bug bounty just to help them out.

So I discovered a bug affecting a mode of play at OwlGames casinos that results in certain games rewarding more money than they should.  I tried to report it to OwlGames but was told that they have no bug bounty program and to "enjoy the bug" (not kidding).  (of course their docs say that any "exploit" can result in not being paid out, but it's not an exploit if it's simply how things run under the given conditions - not that that would stop them from screwing someone over I'm sure)

Their poor attitude certainly doesn't do much to make me want to help them out anymore although that was my intent. 

But since it is only certain games, from 1 provider, should I try to contact that provider instead?  It's possible I imagine that it's not just OwlGames that might possibly lose money to the issue, though I really don't know.

I guess since these are casinos, losing a couple hundred to a few players every few days that would otherwise not have won anything maybe is just a drop in the bucket.  But I found it so strange that they immediately just alerted me that they have no bounty program.  Aren't casinos supposed to be pretty protective of their money even if they have a ton of it? 

Anyone else have any experiences of trying to report issues like this?  I want to be rewarded for my time verifying the issue without taking advantage of it and alerting someone about it, too, so I'm also just worried about giving the info out and having them come up with some excuse like "oh it just needed a restart it's fine now, that's not a bug."

The way I view the OP statement was he reported that there is a bug in the game to the support but he didn't explain the full details after the support tell him that there's no bug bounty program to reward him. I guess the bug is still not fixed since OP will not gonna think to report it on the game provider if he already told it to Owl and they just didn't take action on it. I mean he can simply abused it if Owl knew the existence of the bug and didn't solve it.

if there really is a bug in their game of course this should be a serious concern for them, but if indeed they feel it's not a bug I think you also need to provide complete evidence to give them confidence not just a screenshot or you can use it with another way to let them know, to my knowledge there aren't many casinos that provide bug bounties

Either way that's a bad attitude they should at least acknowledge the report, even if they are not giving rewards at least they should be considerate enough to acknowledge, with that kind of answer they don't care because coming from their own mouth if this is true they will just not honor coming from bugs, the gambler is the one that will suffer because he thought his winning comes in playing fair, it turned out there is a bug, I want to see Owlgame answer into this allegation this is serious and gamblers will opted not to play in their platform.

Either way that's a bad attitude they should at least acknowledge the report, even if they are not giving rewards at least they should be considerate enough to acknowledge, with that kind of answer they don't care because coming from their own mouth if this is true they will just not honor coming from bugs, the gambler is the one that will suffer because he thought his winning comes in playing fair, it turned out there is a bug, I want to see Owlgame answer into this allegation this is serious and gamblers will opted not to play in their platform.

So I discovered a bug affecting a mode of play at OwlGames casinos that results in certain games rewarding more money than they should.  I tried to report it to OwlGames but was told that they have no bug bounty program and to "enjoy the bug" (not kidding).  (of course their docs say that any "exploit" can result in not being paid out, but it's not an exploit if it's simply how things run under the given conditions - not that that would stop them from screwing someone over I'm sure)

Their poor attitude certainly doesn't do much to make me want to help them out anymore although that was my intent. 

But since it is only certain games, from 1 provider, should I try to contact that provider instead?  It's possible I imagine that it's not just OwlGames that might possibly lose money to the issue, though I really don't know.

I guess since these are casinos, losing a couple hundred to a few players every few days that would otherwise not have won anything maybe is just a drop in the bucket.  But I found it so strange that they immediately just alerted me that they have no bounty program.  Aren't casinos supposed to be pretty protective of their money even if they have a ton of it? 

Anyone else have any experiences of trying to report issues like this?  I want to be rewarded for my time verifying the issue without taking advantage of it and alerting someone about it, too, so I'm also just worried about giving the info out and having them come up with some excuse like "oh it just needed a restart it's fine now, that's not a bug."

If that's their response towards you, then they aren't open for feedback and are slacking off their jobs to maintain the casino abuse-free which is really a cause of concern since these abusive activities are prohibited in the first place. Why would they even say a statement of enjoying the bug, if really there is any instead of acknowledging their shortcomings and giving a reward? Perhaps they are just too complacent and too confident that it won't happen, or they just don't want to acknowledge your report because they have to give a reward, which they don't want to.

Check whether the casino still have this bug and if they do, they probably are just confident and slacking off maintaining the casino away from glitches. If it suddenly don't have it after you reported, then most probably they have taken an action about your concern but decided not to credit you for noticing which I believe is such a jerk move if ever it is the latter reason.

If that's their response towards you, then they aren't open for feedback and are slacking off their jobs to maintain the casino abuse-free which is really a cause of concern since these abusive activities are prohibited in the first place. Why would they even say a statement of enjoying the bug, if really there is any instead of acknowledging their shortcomings and giving a reward? Perhaps they are just too complacent and too confident that it won't happen, or they just don't want to acknowledge your report because they have to give a reward, which they don't want to.

Check whether the casino still have this bug and if they do, they probably are just confident and slacking off maintaining the casino away from glitches. If it suddenly don't have it after you reported, then most probably they have taken an action about your concern but decided not to credit you for noticing which I believe is such a jerk move if ever it is the latter reason.

So I discovered a bug affecting a mode of play at OwlGames casinos that results in certain games rewarding more money than they should.  I tried to report it to OwlGames but was told that they have no bug bounty program and to "enjoy the bug" (not kidding).  (of course their docs say that any "exploit" can result in not being paid out, but it's not an exploit if it's simply how things run under the given conditions - not that that would stop them from screwing someone over I'm sure)

Their poor attitude certainly doesn't do much to make me want to help them out anymore although that was my intent. 

But since it is only certain games, from 1 provider, should I try to contact that provider instead?  It's possible I imagine that it's not just OwlGames that might possibly lose money to the issue, though I really don't know.

I guess since these are casinos, losing a couple hundred to a few players every few days that would otherwise not have won anything maybe is just a drop in the bucket.  But I found it so strange that they immediately just alerted me that they have no bounty program.  Aren't casinos supposed to be pretty protective of their money even if they have a ton of it? 

Anyone else have any experiences of trying to report issues like this?  I want to be rewarded for my time verifying the issue without taking advantage of it and alerting someone about it, too, so I'm also just worried about giving the info out and having them come up with some excuse like "oh it just needed a restart it's fine now, that's not a bug."

So I discovered a bug affecting a mode of play at OwlGames casinos that results in certain games rewarding more money than they should.  I tried to report it to OwlGames but was told that they have no bug bounty program and to "enjoy the bug" (not kidding).  (of course their docs say that any "exploit" can result in not being paid out, but it's not an exploit if it's simply how things run under the given conditions - not that that would stop them from screwing someone over I'm sure)

Their poor attitude certainly doesn't do much to make me want to help them out anymore although that was my intent.

I think ops will not want to mention the name since he is trying every possible efforts to get the game provider attention to fix the bug, I don't know why a casino should take such a report with laxity.
What if ops decide to keep it to himself and continue to exploit the loophole and take advantage of the bug to exploit and abuse the casino system?
That could lead to more severe outcomes for both casino and the player and possibly the player could walk away knowing already what is involved in exploiting such loopholes.

Without saying which game it is and which provider it belongs to, could you explain what kind of loophole or bug it is precisely and how it works exactly? Are you sure you're not just encountering a long winning streak on this game. Because one time I got many wining rounds in a row, and I really though the game was bugged but unfortunately it didn't continue like that for long and I lose almost all the winnings I made at the end. 

So I discovered a bug affecting a mode of play at OwlGames casinos that results in certain games rewarding more money than they should.  I tried to report it to OwlGames but was told that they have no bug bounty program and to "enjoy the bug" (not kidding).  (of course their docs say that any "exploit" can result in not being paid out, but it's not an exploit if it's simply how things run under the given conditions - not that that would stop them from screwing someone over I'm sure)

Their poor attitude certainly doesn't do much to make me want to help them out anymore although that was my intent. 

But since it is only certain games, from 1 provider, should I try to contact that provider instead?  It's possible I imagine that it's not just OwlGames that might possibly lose money to the issue, though I really don't know.

I guess since these are casinos, losing a couple hundred to a few players every few days that would otherwise not have won anything maybe is just a drop in the bucket.  But I found it so strange that they immediately just alerted me that they have no bounty program.  Aren't casinos supposed to be pretty protective of their money even if they have a ton of it? 

Anyone else have any experiences of trying to report issues like this?  I want to be rewarded for my time verifying the issue without taking advantage of it and alerting someone about it, too, so I'm also just worried about giving the info out and having them come up with some excuse like "oh it just needed a restart it's fine now, that's not a bug."

I was about to point ops in that direction also, the bug should be reported to support ASAP and if supported with the necessary evidence in a pictural manner it will help the support agent to accept and processe your request.  The casino team may have reacted that way because of the fact that at the moment the team is not paying anyone for bug discovery bit in other to protect everyone from this mess, you should continue your contact with them and provide evidence as mentioned,