The article this blog post is based on was posted on February 11th and can be found at mashable.com.
The term “hacker” automatically has a negative connotation, but Christian Lopez Martin turned the name “hacker” into “hero.” Martin is a self-identified freelance security researcher, and as such he found a serious bug in the code of Instagram's mobile app. The bug would have allowed strangers to view users’ personal photos, but Martin brought his work to Facebook and they have since corrected the problem.
Martin reported the problem through Facebook's White Hat Program, which compensates security researchers who report bugs responsibly. The minimum payment is $500, but Martin received a four-digit amount due to the “severity and creativity” of the bug.
Apparently the fix time for the bug was six whole months, but the majority of the problems were resolved only a month after Martin brought the bug to Facebook's attention. The article notes that “given the fact that Instagram rolled out private messaging in December, it seems as though Instagram dodged a bullet when Martin brought the bug to light before the new feature was introduced.”
I actually question if security researchers like Martin look for companies that are launching something new, or even just ones that are well off, and then plant their own bugs, to which they can provide the solutions and receive compensation. I can only imagine that if they are smart enough to find and stop a bug, they can make one.
You bring up a very good point. I wonder if these companies even realize that people could do this as a way to earn a living. I feel if that's the case then companies should lower how much they are paying them. That way the cost (in terms of time) of creating a bug might outweigh the benefits of getting paid. However, if they are truly "security researchers" then I'm glad that we have them. I can't imagine if people had access to personal things on my phone without me knowing.