
Topic: Security bounties - page 4. (Read 167600 times)

legendary
Activity: 1274
Merit: 1000
★ BitClave ICO: 15/09/17 ★
September 10, 2014, 06:29:46 PM
#33
I've sent a PM to theymos, I hope he doesn't miss it ;D
(it's not a code hack etc.)
administrator
Activity: 3934
Merit: 3143
September 08, 2014, 04:48:01 PM
#32
I was meaning to raise awareness about people using different characters to make their usernames visually similar to some trustworthy members on bitcointalk.
Example: ṣatoshi, theymoṣ, ṫheymos etc.*
Why not limit the charset to UTF-8, and maybe some non-visually interfering symbols?

*As of yet, there aren't any usernames containing the characters and , but I could compile a list of such characters just to show how easy it is to try and register such a username.
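A defensive check for the look-alike names described in the post above, as an added example that is not part of the thread or of the forum's code: it compares usernames by a folded "skeleton" rather than by raw string, so `ṣatoshi` and `satoshi` collide at registration time. The function names and the `CONFUSABLES` table (a small constructed subset) are assumptions; a full implementation would load the Unicode confusables data from UTS #39.

```python
import unicodedata

# Names to protect; taken from the examples in the post above.
PROTECTED = {"satoshi", "theymos"}

# Constructed, deliberately tiny subset of cross-script look-alikes.
# Accented Latin letters are handled by decomposition and need no entry here.
CONFUSABLES = {
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0455": "s",  # CYRILLIC SMALL LETTER DZE
    "\u0131": "i",  # LATIN SMALL LETTER DOTLESS I
}


def skeleton(name: str) -> str:
    """Fold a username to its comparison form.

    Steps: compatibility-decompose (NFKD), drop combining marks such as
    the dot below/above, casefold, then map known look-alike letters.
    """
    decomposed = unicodedata.normalize("NFKD", name)
    base = "".join(ch for ch in decomposed if not unicodedata.combining(ch))
    return "".join(CONFUSABLES.get(ch, ch) for ch in base.casefold())


def conflict(candidate: str, registered):
    """Return the protected or registered name that `candidate` collides
    with after folding (an exact match counts), or None if it is free."""
    index = {skeleton(n): n for n in (*PROTECTED, *registered)}
    return index.get(skeleton(candidate))


if __name__ == "__main__":
    # Constructed sample input: the first three mirror the post's examples.
    samples = ["\u1e63atoshi", "theymo\u1e63", "\u1e6bheymos",
               "s\u0430toshi", "B\u043eb", "alice"]
    for name in samples:
        print(f"{name!r:14} -> collides with {conflict(name, ['bob'])!r}")
```

Enforcing uniqueness on the skeleton at registration and rename time blocks the cases above, but only for characters the mapping covers.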
administrator
Activity: 5222
Merit: 13032
September 08, 2014, 03:54:54 PM
#31
Does changing your display name, or registering a new username with prohibited strings (e.g. Satoshi) count as something that would receive a bounty?

It's not covered in this bounty, but I'd probably pay a little for info about some bugs of that sort. Some things (like various ways to visually defeat prohibited strings) are known bugs that aren't likely to be fixed.
vip
Activity: 1316
Merit: 1043
👻
September 08, 2014, 04:54:04 AM
#30
Does changing your display name, or registering a new username with prohibited strings (e.g. Satoshi) count as something that would receive a bounty?
vip
Activity: 1316
Merit: 1043
👻
September 08, 2014, 04:53:06 AM
#29
Does this count as an exploit?

<----- it has nothing to do with security but still...
Edit: it got fixed. Got 0.03 btc for it.
What was it? Unicode control codes?
hero member
Activity: 602
Merit: 500
August 12, 2014, 03:31:34 PM
#28
So should we test this on this actual website or should I test for vulnerabilities on a local host and then contact admin if I find any vulnerabilities on the same version? I don't want to risk getting into trouble testing on this forum just in case I do get into something I'm not supposed to, unless it's allowed as long as you report it.
legendary
Activity: 1540
Merit: 1001
Crypto since 2014
August 12, 2014, 05:42:00 AM
#27
Does this count as an exploit?

<----- it has nothing to do with security but still...
Edit: it got fixed. Got 0.03 btc for it.
legendary
Activity: 882
Merit: 1000
May 25, 2014, 03:04:54 PM
#26
This is epic. I've actually started actively looking for vulnerabilities now that I JUST found this bug bounty program :D
If you are finished with this bug bounty program, you can have a look at the 30+ other bug bounty programs that pay Bitcoins :) Overview of Bug Bounty Programs for Bitcoins > https://bitcointalksearch.org/topic/overview-of-bug-bounty-programs-for-bitcoins-483195

Neat. Thanks a lot for the link. I'll get a few of my netsec friends to take a look at the list and see if they can find anything. Everything at bitcointalk seems pretty secure from what I've tried so far.
legendary
Activity: 1876
Merit: 1295
DiceSites.com owner
May 24, 2014, 11:12:30 PM
#25
This is epic. I've actually started actively looking for vulnerabilities now that I JUST found this bug bounty program :D
If you are finished with this bug bounty program, you can have a look at the 30+ other bug bounty programs that pay Bitcoins :) Overview of Bug Bounty Programs for Bitcoins > https://bitcointalksearch.org/topic/overview-of-bug-bounty-programs-for-bitcoins-483195
legendary
Activity: 882
Merit: 1000
May 23, 2014, 11:50:54 PM
#24
This is epic. I've actually started actively looking for vulnerabilities now that I JUST found this bug bounty program :D
member
Activity: 66
Merit: 10
March 22, 2014, 07:25:12 AM
#23
If I find anything I will surely tell you about it.
Good luck, and hopefully there aren't many vulnerabilities.
sr. member
Activity: 350
Merit: 251
March 13, 2014, 07:41:29 AM
#22
Do you release information about vulnerabilities once they're fixed, or is obscurity safer in this case?
full member
Activity: 126
Merit: 100
CAUTION: Angry Man with Attitude.
February 02, 2014, 03:41:34 PM
#21
Hmm, JavaScript? Exploits,
legendary
Activity: 2590
Merit: 2156
Welcome to the SaltySpitoon, how Tough are ya?
January 12, 2014, 09:43:00 AM
#20
If I were you I would pay someone to code a new forum from zero, then transfer everything; this way you would not have to worry and spend too much on flaws.

That is already in progress, however after the new forum is done, it will most likely be months before it goes public. Then we have to find all of the flaws in the new version, that we may have already found in the older version.
sr. member
Activity: 266
Merit: 250
January 07, 2014, 07:27:19 AM
#19
If I were you I would pay someone to code a new forum from zero, then transfer everything; this way you would not have to worry and spend too much on flaws.
newbie
Activity: 21
Merit: 0
December 04, 2013, 05:35:40 PM
#18
Just thought I would leave this here so that security researchers know that the bounty isn't only limited to bugs in SMF or the server:

Quote from: theymos on reddit
If you can cause serious damage to the forum with any sort of bug, and you responsibly disclose this bug, you will be given a lot of money.

BTW, I've contacted you about payment for the vulnerability I disclosed a few weeks back.
newbie
Activity: 13
Merit: 0
November 26, 2013, 04:49:51 PM
#17
Good job using a password manager, theymos.
I agree with you.
member
Activity: 102
Merit: 10
Crypto Pros
November 15, 2013, 10:46:15 AM
#16
Good job using a password manager, theymos.
administrator
Activity: 5222
Merit: 13032
November 10, 2013, 12:41:06 AM
#15
If it would not violate anonymity of individual security researchers, could you post statistics as to how many bugs in each category have been reported and fixed?

Just yours so far. (A CSRF.)
legendary
Activity: 1246
Merit: 1077
November 09, 2013, 11:43:42 PM
#14
If it would not violate anonymity of individual security researchers, could you post statistics as to how many bugs in each category have been reported and fixed?