undefined | Better HN

0 pointshansvm1y ago0 comments

> when you could just push a change to prod instead.

I wonder if there's an attack vector hiding where you induce a malicious bug via an illegitimate bounty and the developers' bias against inaction.

0 comments

It's a $20k bounty for simply taking a cookie that a HackerOne employee accidentally pasted when responding to a different vuln report on HackerOne.

100%, hacking is as much technical prowess as it is social engineering.

j / k navigate · click thread line to collapse

0 pointshansvm1y ago0 comments

> when you could just push a change to prod instead.

I wonder if there's an attack vector hiding where you induce a malicious bug via an illegitimate bounty and the developers' bias against inaction.

It's a $20k bounty for simply taking a cookie that a HackerOne employee accidentally pasted when responding to a different vuln report on HackerOne.

100%, hacking is as much technical prowess as it is social engineering.

j / k navigate · click thread line to collapse