- cross-posted to:
- technology@lemmy.world
- cybersecurity@sh.itjust.works
To clarify, this is about someone identifying a vulnerability and getting $10k from Google for it.
I was just thinking “maybe I can just give them my email…” but of course it isn’t that simple
I’d pay $10,000 for your email.
$10,000 and my ass eaten? Sold.
Prepare for a lot of furry porn in your inbox.
Prepare for a lot of furry scat porn in your inbox.
That’s the real miracle here, an actual payout of a bounty.
…huh? Bug bounty payouts are not even remotely rare in either the industry as a whole or Google specifically.
Here’s a POC of the exploit in action:
This video has been removed for violating the YouTube TOS
Sharing a video about a Google security vulnerability on Google’s own platform. What would you expect?
They did disclose it to Google before, and got a bounty, but it seems the moderators from YouTube didn’t get the memo.
When FFXIV implemented better blocking tools this past summer, there was an option when blocking a single character to block the entire service account. This would be fine, but the implementation they went with is client side, and when you select that option, you get the service account ID. Which means that if you’re blocked by someone, you can’t make an alt character to stalk/harass them. But with third party tools, we can see this account ID. The stalker could just use a new account and find the person’s account ID that they were harassing and find any alt character they have in the game. They’re changing this soon as a third party tool popped up and is now able to do this, full source code leaked so there’s no shutting it down until the game devs change how it’s done.
This sounds super similar, but the implementation that you had to do for Google is crazy.
Saying full source code leaked is a little wrong.
Plugin was always open source, and all plugins for that framework are required to be open source by the framework’s licensing.
Doesn’t change the fact that once one person did it, the code was available for anyone, though, you’re right.
Ah yea. Idk why I said leaked since it was published that way. Nice call out!
Fun read
So… Google Mail will not show me emails if their title is 2.5 million letters long? Pathetic
Nice exploit chain!
It took them 147 days to fix this?!?