another bug bounty, another story of 'closed wontfix', where they dont pay out and fix the bug anyway
https://omarabid.com/hacker-one
bug bounties were a mistake
@Viss sounds about right :-/
this was... basically my experience with hackerone, the one time i used them.
the first 'hack the pentagon' bug bounty. where I found two bluecoat proxies that were misconfigured and permit traffic natted into their lan from the wan.
so i used proxychains, specified the wan addresses as http proxies, and contorted nmap to scan through it, and was getting tcp open/close hits from a 172 network inside what i was told later was "a training environment".
zero payout, no credit
but i got a coin?
im told it was the second-worst finding of the entire program, so youd think that would count for something, but oh well.
been sour on bugbounties since then. they seem to work on the 'carnival principle' - where a tiny handful of folks get MASSIVE PAYOUTS, and they gloat and brag about them, and thats the sorta marketing engine that keeps people trying them. most folks get peanuts, or nothing.
@Viss @paul_ipv6 lolsob
one of my pet peeves was the seemingly endless parade of congress-critters on CSPAN getting up to talk about something technical and starting with "i don't know how any of this techy stuff works at all but i think we should...".
no one goes to a "doctor" who starts with "i have no idea of how diseases or the body works and have no medical expertise but i think we should...".
@paul_ipv6 @ryanc rfk does
@ryanc so infuriatingly stupid. people who dont know how to computer shouldnt fucking be allowed to touch computers. not unless its to learn how to computer, and that would be on training computers.
the beatings will continue as long as the head of the cia uses an aol email address and politicians gloat about never reading emails and being complete nontechnical troglodytes
Internet is a series of pipes
@n_dimension @paul_ipv6 @Viss one time, on the way to hacker camp, I saw a big truck carrying a series of tubes