
Comment: Re:Good for them (Score 1) 147

The fact that the disclosure post was removed quickly may indicate wrongdoing, that he realized he messed up. So, fine, remove the disclosed vulnerabilities from the bounty, but still pay the bounty for the others.

sometimes when you f-up you just have to eat it. accept responsibility and the outcome of YOUR mistake. behavior like this is a side effect of having parents that never let you learn lessons the hard way. lost your iPod little Johnny? we'll buy you a new one. i don't blame him for being upset. anyone would be upset. but it's his mistake.

If he had submitted each issue separately they would have paid the others that he didn't disclose.

almost certainly not. they are not paying him because he did something very irresponsible. he did exactly what the bounty program is trying to prevent. it's like if you offered someone $20 to wash your car, which they did, but then threw a bucket of mud on it. would you still pay them the $20?

Comment: Re:Good for them (Score 1) 147

for one exploit that was refused, how is it legitimate to deny the bounty for the other 29?

because life's not completely disconnected like that?
because you don't pay someone that publicly exposed exploits without giving you a chance to fix them.

say you paid a guy to mow your lawn for $20 and wash your car for $20. he does a fine job mowing your lawn, but in the process of washing your car he breaks your windshield and slits your tires (maliciously, and offering no compensation). would you pay him for mowing your lawn?

Comment: Re:Good for them (Score 1) 147

Except this only works a couple times. Who is going to spend their time on Groupon now that they know they'll weasel out of paying?

groupon would rather bugs not be reported at all than having them posted openly on the internet before they have a chance to fix them. anyone would. this guy did them a major disservice.

Comment: Re:Good for them (Score 1) 147

Groupon could hire people themselves to find the vulnerabilities, but they chose not to, instead they offer a bounty for security bugs, which apparently is very cost effective when they don't pay up, so it's a double win

maybe you aren't familiar with how bug bounties work. it's when a company pays a finder for *privately* reporting issues before they are discovered publicly. this guy did both. he reported it privately then went on to disclose it publicly. you think a company should reward someone for disclosing security vulnerabilities publicly before they have a chance to fix them?

Comment: Re:He screwed up. (Score 1) 147

You mean "thing", right? Only one, only by mistake, only for a short period of time.

you new to the internet? you can't expose something for a "short period of time". once it's posted, it lives on. anyone could have copied it. maybe you'd like to post your credit card info for a "short period of time". you okay with that? it's only one "thing" after all.

that's the whole point of a bounty system: to get folks to report bugs to you *privately* before they are discovered publicly. he got what he deserves. this is nothing more than sour grapes. he wanted his bounty, and the public fame of posting to xssposed.org. well, can't have both.

Comment: Re:lol, Rand sucking up to the dorks (Score 3, Insightful) 206

I can't believe that after all these years there are still people who believe that Swartz faced a 35 year sentence. He did not.

^^^ this. and mr. swartz most certainly knew that also. as another post stated, he was likely to get somewhere between a few months and a few years. after which he'd be a folk hero and have his choice of employment or continued studies.

Comment: Re:lol, Rand sucking up to the dorks (Score 1) 206

You're a fucking moron. How does "access without authorization" warrant a 35 year sentence?

it doesn't, and note that he was never sentenced to that, was he? let me tell you how it works. prosecutors throw the book, defenders ask for community service, and they meet in the middle.

also, you should learn some words >4 letters. if you actually want to sway people to your point that is. if you're just trolling, then by all means, keep up the good work.

Comment: Re:there's a strange bias on slashdot (Score 1) 192

by farble1670 (#49495991) Attached to: Microsoft's Role As Accuser In the Antitrust Suit Against Google

If it works this will drive google out of Europe, but it won't help Microsoft because then Bing will become the number one European search engine and 100% of Bing's revenue

i suspect microsoft would love to be in their position right now, lawsuit and all.

ironically, the fact that google is being sued like this is good for them. not directly, but if you are big and powerful and lack competitors, that's a darn good problem to have as a business.

Comment: Re:there's a strange bias on slashdot (Score 1) 192

by farble1670 (#49495703) Attached to: Microsoft's Role As Accuser In the Antitrust Suit Against Google

that does not correctly paint the picture.

it's simple undercutting strategy. no matter how favorable an environment for business nation A provides, there's always a nation B that will undercut them. not because nation A is unfairly taxing business, and not because it's economically viable for nation B in the long run, but to get business to move there and then raise taxes to a point where they can break even in the long run. once businesses are entrenched, they are less likely to leave. and if you don't offer the carrot, they'll never come in the first place.

relative to other western nations, overall the US is extremely favorable to business, to the detriment of its citizens in many cases.

Comment: Re:Remember M$'s role on SCO? (Score 1) 192

by farble1670 (#49495407) Attached to: Microsoft's Role As Accuser In the Antitrust Suit Against Google

Once MS had the original product, they decided to give it away... as a zero cost. Thus they didn't pay Spyglass their percentage. And in the process put Spyglass nearly out of business, and stole the browser.

they either broke a contract, or they didn't. either way, if the outcome is what you say, it's spyglass that messed up.
