A higher-faculty university student from Uruguay has been rewarded with $10,000 (about Rs. 6.5 lakh) after he identified and reported a vulnerability to Google.
The university student, Ezequiel Pereira, says he chanced upon the vulnerability after a bout of boredom last month, when he was poking around Google services using Burp Suite, a popular web security testing tool.
After a few failed attempts, Pereira says he came across yaqs.googleplex.com, an internal webpage that didn’t have a username or password check in place. Googleplex.com hosts quite a few Google App Engine applications.
“The website’s homepage redirected me to ‘/eng’, and that webpage was rather intriguing, it had lots of links to diverse sections about Google services and infrastructure, but before I visited any section, I read something in the footer: ‘Google Confidential’.”
“At that point I stopped poking at the site and reported the issue right away, without even thinking of a better way to present the vulnerability than with Burp,” Pereira wrote.
Sharing screenshots of the email exchanges, Pereira said he received multiple responses from Google’s security team the same day, which confirmed that the bug he had reported was indeed valid.
With little to no hope of any reward, Pereira says he was surprised when, a month later, Google’s team informed him that he would be paid $10,000 for his work, and that he could share the nature of the vulnerability with the world.
Google has since fixed the vulnerability. “The bug has been fixed now, and, according to Google, the substantial reward was because they found a few variants that would have allowed an attacker to access sensitive data,” Pereira wrote.
Transparency and a readiness to reward independent security researchers are among the things many Silicon Valley companies have been working on. Google, Microsoft and Apple are increasingly offering bug bounty programs in which they encourage people to report any security or privacy flaws they spot in any of their services.