Google Pays High School Student $10,000 for Reporting Security Flaw


A high-school student from Uruguay has been rewarded with $10,000 (roughly Rs. 6.5 lakh) after he discovered and reported a vulnerability to Google.

The student, Ezequiel Pereira, says he chanced upon the vulnerability after a bout of boredom last month when he was poking around Google services using Burp Suite, a popular Web security testing tool.

After a few failed attempts, Pereira says he came across yaqs.googleplex.com, an internal webpage that didn’t have a username or password check in place. Googleplex.com hosts several Google App Engine apps.

“The website’s homepage redirected me to “/eng”, and that page was pretty interesting, it had many links to different sections about Google services and infrastructure, but before I visited any section, I read something in the footer: “Google Confidential”.

“At that point I stopped poking at the website and reported the issue right away, without even thinking of a better way to show the vulnerability than with Burp,” Pereira wrote.

Sharing screenshots of the email exchanges, Pereira said he received multiple responses the same day from Google’s security team, which confirmed that the bug he had reported was indeed valid.


With little to no hope of any reward, Pereira says he was surprised when, a month later, Google’s team informed him that he would be paid $10,000 for his work, and that he could share the nature of the vulnerability with the world.

Google has since resolved the vulnerability. “The bug has been fixed now, and, according to Google, the large reward was because they found a few variants that would have allowed an attacker to access sensitive data,” Pereira wrote.

Transparency and a willingness to reward independent security researchers are things several Silicon Valley companies have been working on. Google, Microsoft and Apple are increasingly offering bug bounty programs that encourage people to report any security or privacy flaws they spot in the companies’ services.


Louis Ojibe
