News Posts matching #bounty

AMD Have a Refreshed Bug Bounty Program with Rewards Up to $30,000

AMD has announced a new bug bounty program with prizes for individuals and public researchers. The company is partnering with the cloud security provider Intigriti on this new "bugs hunting campaign". This time, it has a better reward system with up to $30,000 in cash up for grabs, and more people can take part. Bug bounties are not new in the industry. With modern hardware, bugs and issues have increased, and bounties are a good way for companies to find vulnerabilities without spending too much on detection.

Individuals look for bugs and then send a report to the company describing the bug and its impact. AMD then gives prizes to the hunters based on factors like bug severity. It will be interesting, at the least, to see what happens with AMD's new bug bounty program now that public researchers can take part.

(Eligible list with products and technologies below)

Intel Launches Project Circuit Breaker

Intel is expanding its Bug Bounty program with Project Circuit Breaker, bringing together a community of elite hackers to hunt bugs in firmware, hypervisors, GPUs, chipsets and more. Project Circuit Breaker broadens and deepens Intel's existing open Bug Bounty program by hosting targeted time-boxed events on specific new platforms and technologies, providing training and creating opportunities for more hands-on collaboration with Intel engineers. Project Circuit Breaker's first event, Camping with Tigers, is already underway with a group of 20 researchers who received systems with Intel Core i7 processors (formerly "Tiger Lake").

"Project Circuit Breaker is possible thanks to our cutting-edge research community. This program is part of our effort to meet security researchers where they are and create more meaningful engagement. We invest in and host bug bounty programs because they attract new perspectives on how to challenge emerging security threats - and Project Circuit Breaker is the next step in collaborating with researchers to strengthen the industry's security assurance practices, especially when it comes to hardware. We look forward to seeing how the program will evolve and to introducing new voices to the meaningful work that we do."
-Katie Noble, director, Intel Product Security Incident Response Team (PSIRT) and Bug Bounty

Sony Launches Playstation Bug Bounty Program

Thanks to a report from ZDNet, we have information that Sony has launched a bug bounty program for its PlayStation console. Sony will pay security researchers upwards of $50K for a bug they discover. Of course, there are smaller rewards, and the amount depends on what type of bug is discovered. The starting amount for the bug bounty program is $100. The scope for bug reports includes PlayStation Network, the PlayStation 4 console itself, and the PS4 operating system. The bug bounty program is going to be available and managed through the HackerOne platform, where multiple companies like PayPal, Slack, etc. keep track of bugs and offer rewards for them. You can check out the PlayStation bug bounty program here.

Valorant Anti-Cheat Software Can Now Be Turned Off

Riot Games has come under fire recently for its "Vanguard" anti-cheat software found in its new game Valorant due to the use of kernel-mode drivers with Ring 0 privileges. This raised several important concerns around system security and stability. While not solving the root problem, Riot Games has in response released a new blog post detailing the workings of the "Vanguard" anti-cheat software. This blog post was paired with an announcement that Riot Games would be increasing the maximum payout available from its bug-bounty program and introducing a new "Vanguard" scope to help further improve security. Riot Games has also introduced new updates to Valorant which will allow users to disable "Vanguard" from the system tray when not in-game; however, this will lock the player out of Valorant until the computer is rebooted. In addition to the system tray changes, an option to fully uninstall the "Vanguard" software from the user's computer has been added at long last.

Intel Tried to Bribe Dutch University to Suppress Knowledge of MDS Vulnerability

Cybersecurity researchers at the Vrije Universiteit Amsterdam, also known as VU Amsterdam, allege that Intel tried to bribe them to suppress knowledge of the latest processor security vulnerability RIDL (rogue in-flight data load), which the company made public on May 14. Dutch publication Nieuwe Rotterdamsche Courant reports that Intel offered to pay the researchers a USD $40,000 "reward" to allegedly get them to downplay the severity of the vulnerability, and backed their offer with an additional $80,000. The team politely refused both offers.

Intel's security vulnerability bounty program is shrouded in CYA agreements designed to minimize Intel's losses from the discovery of a new vulnerability. Under its terms, once a discoverer accepts the bounty reward, they enter into an NDA (non-disclosure agreement) with Intel, agreeing not to disclose their findings or communicate about them with any person or entity other than certain authorized people at Intel. With public knowledge withheld, Intel can work on mitigation and patches against the vulnerability. Intel argues that information about vulnerabilities becoming public before it has had a chance to address them would give the bad guys time to design and spread malware that exploits the vulnerability. This is an argument the people at VU weren't willing to buy, and thus Intel is forced to disclose RIDL even as microcode updates, software updates, and patched hardware are only beginning to come out.

Update: (17/05): An Intel spokesperson commented on this story.

Intel Expands Bug Bounty Program in Wake Of Spectre, Meltdown Flaws

(Editor's Note: This move by Intel aims to expand their bug-bounty program to specifically include side-channel attacks, such as those that can be leveraged in the Spectre and Meltdown exploits. The company is also increasing the rewards it will give the researchers who find new flaws, a move that aims to employ the masses' knowledge and ingenuity to try and reach the hard-earned bonus at the end of the vulnerability - all while saving Intel much more money than it's paying to bug hunters.)

At Intel, we believe that working with security researchers is a crucial part of identifying and mitigating potential security issues in our products. Similar to other companies, one of the ways we've made this part of our operating model is through a bug bounty program. The Intel Bug Bounty Program was launched in March 2017 to incentivize security researchers to collaborate with us to find and report potential vulnerabilities. This, in turn, helps us strengthen the security of our products, while also enabling a responsible and coordinated disclosure process.

Microsoft Announces the Windows Bounty Program

While Microsoft has been offering bug bounty incentives since at least 2012, Google has arguably been much more vocal in its bug bounty programs. The company recently increased the maximum payout in its bug bounty programs (mainly focused on Android) to a staggering $200,000, and now Microsoft is not only following suit - it's upping the game.

With the Windows Bounty Program, which Microsoft announced yesterday, the company is offering an increased incentive for security-hardening suggestions from tech-savvy users. This program will extend to all features of the Windows Insider Preview, in addition to focus areas in Hyper-V, mitigation bypass, Windows Defender Application Guard, and Microsoft Edge. And incentives starting at $500 and going all the way up to $250,000 are very, very respectable.

Blizzard Pays Generous Bounty for Original Starcraft "Gold Master" Source CD

It's never fun to be contacted by a legal department and be told that something you bought online is not rightfully yours. Still, this occasionally does happen in the case of intellectual property that has been misplaced and is not supposed to be resold. Example: The case of Reddit user Khemist49, who found himself in possession of a CD-ROM claiming to be the original source code for the game "StarCraft." Where did he get said disc? A box of "old Blizzard-related stuff" he bought on eBay in April. Thinking he had something special, he posted on Reddit asking what to do with it.