Indian Origin Woman Rewarded with Rs 22 Lakh Bounty by Microsoft


Aditi Singh, a 20-year-old Delhi-based ethical hacker, was awarded $30,000 (Rs 22 lakh roughly) for detecting a bug in the Microsoft Azure cloud system. Just two months ago, Aditi uncovered an issue in Facebook and got a $7500 (around Rs 5.5 lakh) bounty. 

She further claims that both these firms had a remote code execution (RCE) problem, a relatively new kind of bug that does not yet get much attention. With such weaknesses, hackers can get into a company's internal systems and access the information held there.

Aditi points out that it isn't simple to locate vulnerabilities, and that ethical hackers need to stay on top of their game with new bugs, report them, and still be eligible for pay-outs. She emphasizes not only earning money but also gaining knowledge and learning about ethical hacking first.

“Microsoft has only fixed the bug which I spotted two months back. They have not fixed all of them,” claimed Aditi, the first to notice the RCE flaw. She added that the tech giant had taken almost two months to answer as they checked whether anybody had downloaded its faulty version or not. Aditi believes that individuals must ask the company's support team to host a bonus scheme before they even begin to uncover a bug. And, if the company confirms such a scheme, bounty hunters must yield results.

Bug bounty hunters are mainly trained and certified cybersecurity professionals or security researchers who scan the web for bugs or loopholes through which hackers could sneak in, and then notify the company. They are awarded cash when they succeed.

Aditi explained that developers wrote the code immediately after first downloading Node Package Manager (npm), which is an affiliate of GitHub, where anyone can view the code of these enterprises because it is open source.

For the last two years, Aditi has been ethically hacking. She first broke into the Wi-Fi password of her neighbor (which she sees as a personal triumph) and she hasn't looked back since.

In addition, she has earned letters of appreciation from Harvard University, Columbia University, Stanford University, and the Google Hall of Fame. 

“I took an interest in ethical hacking when I was preparing for NEET, my medical entrance in Kota,” Aditi says. “I didn’t get through in medical school but have found bugs in over 40 companies including Facebook, TikTok, Microsoft, Mozilla, Paytm, Ethereum, HP, among others.”

After reporting an OTP bypass bug in TikTok's Forgot Password section, for which she received a bounty of $1,100, she knew immediately that she wanted to go into ethical hacking.

“There are multiple resources and Google, Twitter, and HackerOne that have write-ups with explanations about ethical hacking,” Aditi says.

Aditi emphasizes that individuals who want to learn more about hacking need to know a programming language such as Python or JavaScript. She also recommends OSCP, a credential program designed to help ethical hackers in bussing. She also says that most of her bounty goes into buying certified hacking courses and tools.

Chinese Network Security Laboratory Offering Bounty for Cyber Attacks

A Chinese network security laboratory has proposed a 24-hour online testbed, known as the Network Endogens Security Testbed (NEST), for testing the security measures provided by various organizations. The testbed is globally accessible and welcomes cyber attacks from people and organizations across the world.

According to the Purple Mountain Laboratory for Network Communication and Security, the testbed would accept public tests with reward money of 1.5 million yuan ($218,000).

Authorized users are likely to receive corresponding bounties on the basis of their test outcomes, according to the Nanjing-based laboratory.

Justifying the purpose of the proposal, Wu, the proposer of Cyber Mimic Defence Theory, said that improved "autoimmunity" should be made a priority for next-generation information technology.

Wu Jiangxing, an academician of the Chinese Academy of Engineering, compared present-day network security measures, which are patches for flaws and antivirus software, to taking medicine after catching the disease.

“Whether the network is safe or not, hackers have a say. They are also welcomed to challenge it,” he added.

NEST is designed to subdue security threats that arise from unknown flaws, vulnerabilities or Trojans. Wu said that NEST could effectively put an end to such network security threats without having to rely on an external safeguarding measure.