Episode 20: Bugging Out Over Bounties

Written by
Immersive Labs
Published on
September 22, 2020

What’s been bugging the team recently? Slack’s bug bounty – if it can even be called that – causes some consternation in this episode and raises serious questions about bug bounty programs. The bug in question was classified as a ‘critical’ RCE vulnerability and yet the researcher who discovered it only got $1750. Yup, you read that right. Apparently doing the right thing doesn’t always pay, but if you’re like Kev you might end up with some free chicken or a heartfelt ‘thank you’. We’re absolutely certain that such rewards are enough to keep people on the responsible disclosure side of the fence…

Also covered in this episode is the strange news that a Russian national was arrested for trying to convince a Tesla employee into installing malware onto the company’s network for the tasty sum of $1m. Color us intrigued…

***

Slack Bug Bounty:
https://mashable.com/article/slack-fixes-critical-remote-code-execution-vulnerabilitybug-bounty/?europe=true

Tesla Hacking Plot:
https://www.zdnet.com/article/elon-musk-confirms-russian-hacking-plot-targeted-tesla-factory/

About Cyber Humanity

The podcast taking cybersecurity personally
There's a lot of cool techy stuff going down in cybersecurity, and we love it. But you can't deny that a lot the time we humans get forgotten. Our podcast takes a not-so-serious look at issues in security from a human point of view. Covering social engineering to hacker motivations and everything in between, we chat through security stories and themes and what they mean to us: the oft-neglected humans behind the screen. Apart from Kev, Kev is a cyborg.

These weekly podcasts come in two main flavors. We’re either ranting about themes close to the heart of us security types, or we’re discussing threats and vulnerabilities that have hit headlines – or slipped under the radar – in recent weeks.

Join Chris Pace (tech advocate and keeper of the coloring pencils), Kev Breen (pro blue teamer, also known as 'Mr Nothing to CVE here...'), Max Vetter (former dark web detective and pretty cool guy), and Paul Bentham (ex-gov. type and Immersive Labs product guru) as they wend their way through the murky world of Cyber Humanity.

Share this post