Big Bug Bounty Hunts by Cyber Giants Fetch Ethical Hackers Millions!





As a part of being more aware and secure in terms of cyber-crime and to stay clear off any possible hazards that may or may not come their way, organizations have started paying up millions to those people who find bugs in their systems.


Recently, a concerned cyber-space user received a message that allegedly said, “Hey, we’ve got some money for you. Do you want it?”

This message had come from Yahoo in response to a bug that the person had sent to the organization. As of now this bug-sending business has paid up a profit of $1.5m.

Yahoo like many companies pays up to people who find bugs and loopholes for them that could be potentially exploited by hackers or cyber-cons.

These ethical hackers sign-up with organizations like Bug Crowd, Synack, Hacker One etc. who conduct bug bounty programs on behalf of other organizations.

 To participate in this, a person need not even have a profound knowledge of coding and other technical skills cited the aforementioned user.

However, he had always been a part of the security industry where he learned deeply about the protocols regarding the swapping of data.

Nevertheless, there is a substantially enormous difference between the way professionals work on cyber issues and the way beginners do.




It’s been long since people actually felt inclined towards working in the cyber security industry even if they weren’t getting paid much.

Earlier and even now to some remote extent there exists an underlying need for more professionally oriented skillful hands in the cyber-security industry.

Many countries have government funded educational schemes for school kids to help them have a sense of the cyber-security.

With 25,000 school children as their intake UK’s scheme, Cyber Discovery had a fabulous first year. It’s an initiative to let kids know that the daily work of pros is fun.

Participants get points when they complete each section and the top performers get to attend residential courses that help them get better.

The big bug bounty hunts could be a great way to attract the attention of young minds and help them get a taste of what defeating bad guys feels like.

Anyone who wished to enter in the big bug bounties should contemplate the fact that it requires a lot more than sheer luck to work as an actual cyber-security guy.

“Also, companies should have their own set of defenses set against the cyber cons rather than letting the bounty hunters know what the inner situation is.”, said a source.

Nonetheless, it should always be more about being a concerned citizen, trying to solve problems, and make a better and safe cyber-world.


Yahoo to the rescue of forgetful users with "on-demand password"

Passwords are not meant to be remembered. It is meant to be generated fresh, every time you forget it.

This is what Yahoo seems to think as the company just introduced an on-demand password system.

The system works like this: After signing into the Yahoo account one has to select Account security from the account information page and opt-in for “On-demand passwords”. Then one has to enter the phone number where Yahoo sends the verification code and after entering this code one never has to worry about memorizing passwords ever again.

It can be argued that the move away from default passwords is welcome as password theft is very common now a days but some feel that the privacy is being sacrificed because anybody with access to the phone for even a few seconds has the potential to read through all your communication.

But the fact remains that peril of default passwords had been dealt well with the two step authentication process; whereby if one logs in from a new device, in addition to the password one is asked for a code that has been sent to the associated mobile number. A move to completely eliminated the first step seems to be inclining towards laxer cyber-security norms.

At a time when Google tries to put one in panic mode by notifying what happens if you forget your password and repeated reports of security breaches makes one paranoid, the move from Yahoo to eliminate passwords has invited mixed reactions.

Presently, it is available only to US users.

While the effort is in the right direction to deal with password security issues by closely connecting the virtual and real identities, the approach adapted seems to be fallacious.