He can't sell that exploit. He's already given it away. Here.
Please tell me about the other amazing business strategies you're contemplating. Your ideas are intriguing to me and I wish to subscribe to your newsletter.
Brute forcing your own account isn't banned. But it's not rewarded, either. That's what the "If you believe you have found a method to conduct a brute-force or code injection attack, please report it to us without testing it." bit of the rules means.
In other words, no, Bennett, you did not outsmart those meanies in charge of making the rules of this bug bounty system. Your hack wasn't particularly clever, so doesn't get rewarded as if it were. However, the bug report itself is probably valid, and United obviously has some fixing to do. (No failed-PIN limiter? The 1970s called; they'd like their input validation methodology back.)
for support reasons
You're not asking the correct question.
"To support whom?"
I'm going to go one step beyond.
I'm going to market a homeopathic router. Radiated power measured in femtowatts, properly diluted with open air and succussed* correctly, will have an effective wifi range measured in light-years. I figure a good 30C dilution will work fine.
(BTW, if the user doesn't get the proper range from the device in use, it'll be because they didn't hit the router correctly.)
Problem, wifi router market?
In Windows, use the Java Control Panel and select the "Advanced" tab.
At the very bottom of the list, completely out-of-sight unless you scroll aaaaaaal the way down, in a category called "Beware of the Leopard"... no, sorry, I meant "Miscellaneous"... there's a checkbox labeled "Suppress sponsor offers when installing or updating Java".
Of course, by default it's not checked. Because money.
But check it and apply or "OK" the settings change. In the current implementation, this prevents bundling the Ask.com malware with Java upgrades -- it's a pre-opt-out, and you never have to think of it again. (At least, until Oracle decides the option should auto-magically unset itself when the user's not looking. Because money.)
Assuming this option continues to exist in future Oracle Java versions and is honored for the Yahoo tie-in, this would alleviate the pre-opt-in crapware issue. Big assumptions, of course, because Oracle.
(Or alternately, don't install Java if you don't actually need it. Or install OpenJava rather than Oracle's.)
This is not malicious. It is stupid and ignorant, but not malicious.
Any sufficiently advanced incompetence is indistinguishable from malice.
--Clark's corollary to Hanlon's Razor after Clarke's 3rd Law
What Voltaire taught long ago:
Il est dangereux d'avoir raison dans des choses où des hommes accrédités ont tort.
("It is dangerous to be right when established men are wrong.")
I think Putin is capable of being photographed climbing onto a T-72 flying the Russian flag, surrounded by Russian soldiers while standing in front of the sign that says "Welcome to Donetsk, Ukraine! Population 944,000" while explaining to a NY Times correspondent that no Russian troops are in Ukraine.
And do it all with a straight face.
You ever noticed you never see Vladimir Putin and the Iraqi Minister of Information together at the same time? Hmmm....
You don't happen to work for the Public Affairs office at Patrick AFB, do you?
It'll take "canaries" inside of the system though to draw attention to it.
Next up: NDAs integrated into contracts that prevent disclosure of this kind of termination/outsourcing, on penalty of immediate termination for cause and no severance.
The next time Disney does this, it'll take more than a canary: it'll take a whistle-blower willing to eat the personal consequences. Because in Disney management's mind, they "would have gotten away with it too, if it weren't for those meddling kids!"*
*yeah, I know, that's Hanna-Barbera, not Disney.
I'm a veteran too. I'm coming to the conclusion that OPSEC is dead, because social media guarantees the loosest lips in history.
The only way to "fix" this is either submitting social media participation of military personnel to military censorship, or a strongly enforced ban on military member participation in social media.
Which, I suspect, wouldn't work.
ObPedant: those aren't regexes, they're globs. Otherwise (for instance), the Samsung entry would match
ad nauseam: the "*" regex operator means "zero or more occurrences of the previous pattern", which in this case is the character "8".
At least, I hope they're not supposed to be regexes. Otherwise, the kernel blacklist itself will have some serious issues with known-bad SSDs because someone never learned how to create a regular expression.
Correct title: "TRIM and Any Fucking Operating System: Don't Buy Defective SSDs"
It's not as if Windows or MacOS has any magic that makes queued TRIM work with non-compliant and poorly-coded hardware, right?
Seriously, WTF, over?
But Motorola did it. (Ducks.) (Ducks 65 more times.)
But the history of Iridium tells a tale that Google appears to have listened to.
It's 66 satellites, not 77 (the actual atomic number of Iridium, the purported reason for the name) because 66 satellites are cheaper to launch and maintain than 77. And still, the company went bankrupt because they couldn't get customers willing to subscribe to the service. And the successor company depends on the US DoD as a major customer -- 23% of their 2012 revenue. That's quite a lifeline -- not one I envision Google's corporate culture rushing out to embrace.
The technical challenges aren't hard, notwithstanding the validity of the "it's rocket science" jokes. The financial and market challenges are the real ones. It's not the same as sticking a website out there and labeling it "Google Foobar (beta)". It makes money from Day One or it gets the hose again.