A high-school student from Uruguay has been rewarded with $10,000 (roughly Rs. 6.5 lakh) for a vulnerability he discovered and reported to Google. The student, Ezequiel Pereira, says he chanced upon the vulnerability during a bout of boredom last month while he was poking around Google services using Burp Suite, a popular Web security testing tool.
After a few failed attempts, Pereira says he came across yaqs.googleplex.com, an internal webpage which didn’t have a username or password check in place. Googleplex.com hosts four Google App Engine apps. “The website’s homepage redirected me to ‘/eng’, and that page was pretty interesting, it had many links to different sections about Google services and infrastructure, but before I visited any section, I read something in the footer: ‘Google Confidential’.
“At that point I stopped poking at the website and reported the issue right away, without even thinking of a better way to show the vulnerability than with Burp,” Pereira wrote.
Sharing screenshots of the email exchanges, Pereira said he received multiple responses from Google’s security team the same day, confirming that the bug he had reported was indeed effective.
With little to no hope of any reward, Pereira says he was surprised when, a month later, the Google team informed him that he would be paid $10,000 for his work, and that he could share the nature of the vulnerability with the world.
Google has since resolved the vulnerability. “The bug has been fixed now, and, according to Google, the large reward was because they found a few variants that would have allowed an attacker to access sensitive data,” Pereira wrote.
Transparency and a willingness to reward independent security researchers are among the things several Silicon Valley companies have been working on. Google, Microsoft and Apple are increasingly offering bug bounty reward programs in which they encourage people to report any security or privacy flaws they spot in any of their services.