Lack of bug bounties from gambling platforms - page 3.

boyptc

hero member

Activity: 3024

Merit: 680

★Bitvest.io★ Play Plinko or Invest!

Quote from: DoublerHunter on October 07, 2022, 06:45:09 PM

^But, why this is very rare now, what I mean is why most casinos did not run a bug bounty campaign.
I know it will add their cost but I think this is a proper way to know publicly the bug and their developer can quickly resolve it.
I think the best way in a new gambling casino is while having a signature campaign they also conduct a bug bounty campaign so that it will give boost to their improvement and progress.

One thing is for sure, we don't know what each of the casinos reason why they don't do that anymore. Possible that they already have their own providers for that task and that's why it's no longer needed.

If we don't see it most often then it only means that it's not needed anymore because they've got something that's doing it for them. As it is becoming rare, someone may want to ask that directly from them.

samcrypto

sr. member

Activity: 2044

Merit: 314

Vave.com - Crypto Casino

Quote from: DoublerHunter on October 07, 2022, 06:45:09 PM

^But, why this is very rare now, what I mean is why most casinos did not run a bug bounty campaign.
I know it will add their cost but I think this is a proper way to know publicly the bug and their developer can quickly resolve it.
I think the best way in a new gambling casino is while having a signature campaign they also conduct a bug bounty campaign so that it will give boost to their improvement and progress.

We cannot answer this because every site have their own needs, and it's not mandatory so it should not be a question to us.
Many site started their operation without having this bug hunting, maybe because they work hard with their site and they are confident that it will work 100%. Signature campaign are for their marketing side, bug hunting might not be a good idea if you are marketing your platform. Again, it will still depend on every site, and as a hunter we can't do anything about it aside from waiting for a new bug bounties.

DoublerHunter

hero member

Activity: 2590

Merit: 644

Quote from: erep on October 07, 2022, 05:34:19 PM

Quote from: Silberman on October 07, 2022, 05:05:02 PM

There are two possibilities for this, the first one is that there is in fact bug bounties in some of the casinos but those are not public and you need to be invited directly by the ones in charge of the code and the security of the casino in question, the second possibility is that as you state some casinos do not care about this and they are not testing the security of their website as well as they should, however if you find a vulnerability you may report it and try to negotiate a fee for your efforts in finding that bug and other bugs you may find in the future.

Exactly, because every casino will increase the security of access from hackers so the 2 possibilities you mentioned are how the casino accepts developer services for privacy and security factors. Usually there is a special page for the bug bounty campaign so that anyone who finds a bug can submit it on the form provided, then if the bug report is valid and includes a high level of security will be paid high by the casino platform.

^But, why this is very rare now, what I mean is why most casinos did not run a bug bounty campaign.
I know it will add their cost but I think this is a proper way to know publicly the bug and their developer can quickly resolve it.
I think the best way in a new gambling casino is while having a signature campaign they also conduct a bug bounty campaign so that it will give boost to their improvement and progress.

Piesel

sr. member

Activity: 672

Merit: 273

Depending on the individual motive and profession and as a software developer one can be invited for such bug bounty by the team and if the casino find is worthy the developer will walk away with the negotiated payment, both again we must know some fact about software it is that there is always a back door and the one with the code control everything. So the reason why we have so many casinos abuse is because of all this set backs.

Quote from: Mahanton on October 07, 2022, 05:59:59 PM

Quote from: erep on October 07, 2022, 05:34:19 PM

Quote from: Silberman on October 07, 2022, 05:05:02 PM

There are two possibilities for this, the first one is that there is in fact bug bounties in some of the casinos but those are not public and you need to be invited directly by the ones in charge of the code and the security of the casino in question, the second possibility is that as you state some casinos do not care about this and they are not testing the security of their website as well as they should, however if you find a vulnerability you may report it and try to negotiate a fee for your efforts in finding that bug and other bugs you may find in the future.

Exactly, because every casino will increase the security of access from hackers so the 2 possibilities you mentioned are how the casino accepts developer services for privacy and security factors. Usually there is a special page for the bug bounty campaign so that anyone who finds a bug can submit it on the form provided, then if the bug report is valid and includes a high level of security will be paid high by the casino platform.

Depends on a certain person because there are individuals who do able to find those bugs will surely be exploiting and abusing it rather than on making out some report or ticket on telling the team.
There are even platforms who doesnt really give out any bounties or reward for some possible crucial finds that really affects or do pertains about security.
But knowing with those popular platforms which someone do find out some bugs and they havent paid out and then that someone do make out some complaints and posting into this forum
then for sure they would really be getting that sympathy since it is really just worth on getting a bounty or reward for that.

Am sure if a player on a gambling site discovers any bug and reports such to the support he will receive a good reward for doing that.

Mahanton

hero member

Activity: 2730

Merit: 632

Quote from: erep on October 07, 2022, 05:34:19 PM

Quote from: Silberman on October 07, 2022, 05:05:02 PM

There are two possibilities for this, the first one is that there is in fact bug bounties in some of the casinos but those are not public and you need to be invited directly by the ones in charge of the code and the security of the casino in question, the second possibility is that as you state some casinos do not care about this and they are not testing the security of their website as well as they should, however if you find a vulnerability you may report it and try to negotiate a fee for your efforts in finding that bug and other bugs you may find in the future.

Exactly, because every casino will increase the security of access from hackers so the 2 possibilities you mentioned are how the casino accepts developer services for privacy and security factors. Usually there is a special page for the bug bounty campaign so that anyone who finds a bug can submit it on the form provided, then if the bug report is valid and includes a high level of security will be paid high by the casino platform.

Depends on a certain person because there are individuals who do able to find those bugs will surely be exploiting and abusing it rather than on making out some report or ticket on telling the team.
There are even platforms who doesnt really give out any bounties or reward for some possible crucial finds that really affects or do pertains about security.
But knowing with those popular platforms which someone do find out some bugs and they havent paid out and then that someone do make out some complaints and posting into this forum
then for sure they would really be getting that sympathy since it is really just worth on getting bounty or reward for that.

erep

hero member

Activity: 2282

Merit: 589

Quote from: Silberman on October 07, 2022, 05:05:02 PM

There are two possibilities for this, the first one is that there is in fact bug bounties in some of the casinos but those are not public and you need to be invited directly by the ones in charge of the code and the security of the casino in question, the second possibility is that as you state some casinos do not care about this and they are not testing the security of their website as well as they should, however if you find a vulnerability you may report it and try to negotiate a fee for your efforts in finding that bug and other bugs you may find in the future.

Exactly, because every casino will increase the security of access from hackers so the 2 possibilities you mentioned are how the casino accepts developer services for privacy and security factors. Usually there is a special page for the bug bounty campaign so that anyone who finds a bug can submit it on the form provided, then if the bug report is valid and includes a high level of security will be paid high by the casino platform.

Silberman

legendary

Activity: 2534

Merit: 1338

Quote from: Crypt0Gore on October 06, 2022, 02:50:39 AM

Why aren't gambling websites using bug bounties to test-run their platform security? I haven't seen any gambling platform doing this, maybe that's why most gambling websites became prone to hacking? If I am wrong what gambling project do you think have the most secured system?, peace.

There are two possibilities for this, the first one is that there is in fact bug bounties in some of the casinos but those are not public and you need to be invited directly by the ones in charge of the code and the security of the casino in question, the second possibility is that as you state some casinos do not care about this and they are not testing the security of their website as well as they should, however if you find a vulnerability you may report it and try to negotiate a fee for your efforts in finding that bug and other bugs you may find in the future.

ralle14

legendary

Activity: 3290

Merit: 1901

Shuffle.com

Quote from: Crypt0Gore on October 06, 2022, 02:50:39 AM

Why aren't gambling websites using bug bounties to test-run their platform security? I haven't seen any gambling platform doing this, maybe that's why most gambling websites became prone to hacking? If I am wrong what gambling project do you think have the most secured system?, peace.

I remember some crypto casinos used to offer bug bounties as a way to test the security of their site, on bustabit they have something similar. Back then Bitdice also tried to test their security by putting up a bounty in one of their accounts not sure if it still stands though. In terms of security, I think most reputable crypto casinos have one of the best security since they tend to make changes or improvements from time to time.

uneng

hero member

Activity: 2044

Merit: 784

Leading Crypto Sports Betting & Casino Platform

Every virtualsystems connected to internet are prone to vulnerabilities which can be exploited by hackers, therefore, it would be wise from every crypto casinos if they launched bug bounties periodically.

However, we don't see them doing this often. Maybe it's because they prefer to spend their funds with marketing instead and see no point in paying random people on the internet to spot bugs for them, since they also have their staff team with many professionals on the informatics field. Moreover, some casinos might purchase the security system from third party services, so it must be a guarantee, belonging the responsability to the company they made the purchase from.

Wexnident

hero member

Activity: 2576

Merit: 666

I don't request loans~

Quote from: aioc on October 07, 2022, 10:07:03 AM

Casinos should be bug-free and hacker-proof for them to gain the trust of the gambling community, there are casinos with their own created script because many casinos now are on the Whitelabel run platform, it's more cost-effective, easy to manage, and the burden is on the Whitelabel company they are the one who handles everything, that is why we seldom read of casino getting hacked it's not because hackers can't hack their system but they have experts developers to look for a patch 24/7 because that's their business, protecting their platform.

There's no system that's 100% system proof though. You can't consider a system being managed 24/7 as foolproof since it's that 24/7 management that makes it foolproof. I do agree with the Whitelabel solutions though, as I've said in my earlier post they're pretty much the same so the amount of bugs is rather minimal.

Quote from: Wapfika on October 07, 2022, 10:36:57 AM

Bounties were not that popular now, it might be a personal hiring now in telegram depending on your profile and application. Since it is hard to filter now participants in bounties some look for it in other platform so they can scan applicants properly. There is not much new gambling sites to test and when there is, this forum gives review and feedbacks already about the casino same with other old casinos that have thread here, many are open now to their review.

Rather than unpopular, bug bounty is just something more specialized to people who actually know how to attack systems instead. And another factor is as others and I have said, casinos use Whitelabel solutions so the bugs that could be found would already be rather minimal.

seoincorporation

legendary

Activity: 3290

Merit: 3092

There are multiple reasons for this.

Casinos don't want to attract hackers to their sites because some kind of attacks can crash the site. And if an attacker finds a huge vulnerability they could take the money from the site and that more than what the casino offers as bounty.

But what i have learned in the past is all casinos will pay a bounty if you report a bug by the proper way. I have reported bugs in more than 5 casinos in the past years and all of them pay me a bounty, the only one that freeze my balance and claim that i was attacking the site was primedice, in that time i was collecting evidence to report the bug but the site block my account with 0.03 btc on it. It was my fault, i should report the bug and not exploit it to collect evidence.

Wapfika

hero member

Activity: 1288

Merit: 564

Bitcoin makes the world go 🔃

Quote from: Flexystar on October 07, 2022, 10:28:12 AM

We had some but it turned out to be rat race for earning some quick bucks. I have seen the trend for big bounties going down since 2017. Being one of the user of various gambling sites I have always loved identifying the bugs and directly reporting it to the mods on their official website. However, this forum did take those bounties to next level by making them paid one. But as I said with the time they disappeared in the thin air! Not getting much of the attention because most of the gambling sites now have more or less external sources or developers to identify the bugs and they will pay you directly. I don’t know how much relevant this is here but mostly they always communicate through telegrams and will give you job directly if you are interactive and honest.

Bounties were not that popular now, it might be a personal hiring now in telegram depending on your profile and application. Since it is hard to filter now participants in bounties some look for it in other platform so they can scan applicants properly. There is not much new gambling sites to test and when there is, this forum gives review and feedbacks already about the casino same with other old casinos that have thread here, many are open now to their review.

Flexystar

full member

Activity: 1092

Merit: 227

We had some but it turned out to be rat race for earning some quick bucks. I have seen the trend for big bounties going down since 2017. Being one of the user of various gambling sites I have always loved identifying the bugs and directly reporting it to the mods on their official website. However, this forum did take those bounties to next level by making them paid one. But as I said with the time they disappeared in the thin air! Not getting much of the attention because most of the gambling sites now have more or less external sources or developers to identify the bugs and they will pay you directly. I don’t know how much relevant this is here but mostly they always communicate through telegrams and will give you job directly if you are interactive and honest.

Piesel

sr. member

Activity: 672

Merit: 273

Quote from: Peanutswar on October 06, 2022, 11:03:02 PM

As far as I know, there's a bug bounty event happening here in the community and that's the one I experience instead they are now offering some of the reviews right now as part of their promotions some instances there are a chance that they hired already a Quality Assurance tester before releasing in the community to have a better experience. It is better to hire a bounty hunter with experience with a contract so they make sure the information is safe and does not get a data breach for their system.

Reviews campaign is a new replacement to bug bounty as we have, but recently due to new development and demand, the trends have changed and it is no longer the way it used to be that new casinos always have a bug bounty.

But now we have casinos already running on a template that does not require them to need external bug hunters and their security teams are already covering up this space and performing the task of hunting for potential bugs in the system.

aioc

hero member

Activity: 2926

Merit: 567

Casinos should be bug-free and hacker-proof for them to gain the trust of the gambling community, there are casinos with their own created script because many casinos now are on the Whitelabel run platform, it's more cost-effective, easy to manage, and the burden is on the Whitelabel company they are the one who handles everything, that is why we seldom read of casino getting hacked it's not because hackers can't hack their system but they have experts developers to look for a patch 24/7 because that's their business, protecting their platform.

UserU

hero member

Activity: 2128

Merit: 532

FREE passive income eBook @ tinyurl.com/PIA10

At 500 Casino, we pay for bug bounties although it's not publicly mentioned.

A few years back, I discovered a minor bug which could be used to bypass withdraws, and after reporting the reproduction steps to the admin, was rewarded.

rhomelmabini

hero member

Activity: 2030

Merit: 578

No God or Kings, only BITCOIN.

Quote from: Crypt0Gore on October 06, 2022, 02:50:39 AM

Why aren't gambling websites using bug bounties to test-run their platform security? I haven't seen any gambling platform doing this, maybe that's why most gambling websites became prone to hacking? If I am wrong what gambling project do you think have the most secured system?, peace.

I think they are hiring best penetration testers out there and some devs to maintain their sites rather than running a bug bounty. I think there are bug bounties in the past but right now it's rarely seen considering how many good developers doing their job securing the system. I can't think of any but most casinos I know haven't suffered any hacking activities lately.

Jemzx00

hero member

Activity: 1498

Merit: 547

Pugs are the best!

Quote from: bakasabo on October 07, 2022, 03:15:14 AM

Isn't it dangerous for gambling platforms to run bug bounties ? Basically they welcome hackers and abusers to test their defense. It will be on users conscience to point on a bug and get $100-$1000 reward or to use exploit and get several times more, or use it until casino notice they are loosing money. If projects run bug bounties it is simpler, they might lose only their own tokens, that might never have value. With casinos, ever bug is loosing money.

What's more dangerous are those running bugs and potential loopholes that can be exploited by their gamblers. There were already some bug bounties on various projects and casinos before and some users were able to report some bugs and minor exploits on the platform. Although these kinds of bounties are great for finding threats and bugs however only minor reports could have been made as I doubt that major bugs will be reported as it will be much more profitable to abuse it rather than report it.

pakhitheboss

hero member

Activity: 2156

Merit: 803

Top Crypto Casino

I think more than a gambling platforms run a bug bounty it should be the cryptocurrency that should run a bug bounty. I am saying this because of the recent BNB hack.

I also do not think any casino should run such a bounty as they are themselves asking hackers to hack them to find a bug. Just imagine a hacker participate in such a bounty and what he will be able to do with that casino. I am sure none of the casinos would like to go through that situation.

ultrloa

legendary

Activity: 2758

Merit: 1228

Quote from: Crypt0Gore on October 06, 2022, 02:50:39 AM

Why aren't gambling websites using bug bounties to test-run their platform security? I haven't seen any gambling platform doing this, maybe that's why most gambling websites became prone to hacking? If I am wrong what gambling project do you think have the most secured system?, peace.

Maybe because some of casino are confident enough that their casino is totally safe and they have best guys working on security side or maybe even they pay already a white hat hackers to test their security since they think this is much better rather than paying those random guys which doesn't have programming background.

Topic: Lack of bug bounties from gambling platforms - page 3. (Read 783 times)