Submission + - Remember that 70-solar-mass black hole announced last week? Yeah, not so much.
Comment Re: Don't forget about snaps! (Score 1) 121
Submission + - Nearby star is Sun's long-lost sibling
What Disney's Acquisition of Fox Means For the Future of Film and TV (qz.com) 139
Imagine all of the properties mentioned above, plus all of Disney's existing franchises (Star Wars, Marvel, Pixar, etc.) combined into one internet streaming service. You won't have to imagine for long, because that's pretty much exactly why Disney CEO Bob Iger was so keen on buying all of Fox's biggest assets. Disney plans to release a streaming entertainment service in 2019. It would have been quite formidable on its own, even without Fox's help, but now it will likely be the first true rival to Netflix in the streaming space. Before today, Disney, Fox, and Comcast (NBCUniversal) all shared equal 30% stakes in Hulu (Time Warner owns 10%). But when Disney takes over Fox's share of the streaming service, it will own 60%, becoming a controlling majority owner, relegating Comcast to minority owner in the process.
20th Century Fox, we hardly knew ye. Okay, that may be a bit premature, but it's clear that Fox's film business won't be the same if the merger is approved. The deal marks the first time in modern history that one major film studio has purchased another, eliminating one of the "big six," and essentially giving Disney control of two-thirds of Hollywood. (The other four major movie studios are Universal, Warner Bros., Paramount, and Sony.)
Comment Re:WAT? Windows? Easy to maintain? (Score 1) 336
Comment Re:WAT? Windows? Easy to maintain? (Score 1) 336
Comment Re:WAT? Windows? Easy to maintain? (Score 1) 336
Comment Re:Not enough (Score 1) 39
The good news is that all of this is voluntary. If you don't like the program or the rewards, there is no obligation to participate.
It should be noted that the reward from Google is on top of whatever the company in question may pay. Companies that develop Android apps can start their own programs with their own bounties. Google's program comes on top of that.
As a hacker, the more you submit valid vulnerability reports on HackerOne, the more skilled you will become and the higher your reputation score will go. This in turn will allow you to make money on many other programs.
It's not easy to become a top whitehat hacker, but if you do, the rewards are significant.
Here is how HackerOne celebrated the $500,000 milestone for a hacker: https://www.hackerone.com/blog/mlitchfield-Earned-500000-on-HackerOne
(Sorry for first posting this as Anonymous Coward. I had forgotten to sign in.)
Comment Re:Payouts are garbage, though (Score 1) 58
This is an interesting question. We don't really know what will happen long term. One possibility, as you point out, is that black markets will always outpay any other market. Another possibility is that the ethical hacker community will become so large and strong that they will find all those same vulnerabilities and deliver them to the system owners before the black market gets to build exploits and use them for nefarious purposes. It takes just one ethical hacker who finds a critical 0day to deliver it to a service like HackerOne, and the market for that vuln is over. Although asymmetry is usually in the favor of the criminal actor, in this case it is in the favor of ethical behavior. One ethical hacker can put an end to the sale of a 0day on the black market.
Comment Re: Payouts are garbage, though (Score 1) 58
What I find interesting is that a regular newspaper will write about this despite it being a highly technical topic. The readers of the New York Post are regular citizens. This shows that software security and the hunt for bugs are becoming important enough to be presented to the broader public.
Comment Re:Payouts are garbage, though (Score 1) 58
Given the ease of submission and speed of payment, a bug bounty can be very well worth it. On HackerOne, there is a hacker who made over $600,000 in two years with most of the individual bounties well under $10k.
Submission + - Supermassive black hole rocketing out of distant galaxy at 5 million mph
Comment Re:Obviously... (Score 4, Insightful) 255
Comment Re:Snake oil salesman (Score 1) 49
Ha ha. That's a common joke about the security industry. There is some truth to it.
What's great with bug bounty programs is that customers pay for results. You pay for valid and useful vulnerability reports. You don't pay for reports that are not useful. For hackers to make money (and the best ones make a lot of money), they must produce useful and relevant vulnerability reports.
That's a HUGE difference compared to traditional security products and services and it explains why bug bounty programs are becoming so popular. They are much more effective than any other method of finding vulns in live software.