Forums Search Login Register
New Posts Todays Posts Find Users Posts Unanswered Threads Help Mark Forums as Read

Thread Options  Subscribe to this thread Subscribed Users  Add Reply 
Posts: 1,196
Bug bounty program pays out frequent flier miles
United Airlines is inviting security researchers and anyone else to participate in a bug bounty program for a chance to claim up to 1 million award miles, depending on what kind(s) of vulnerabilities you discover. However, it's important to note that United Airlines is looking for specific bug submissions related to its website -- hacking its planes or hitting the company with a denial of service (DoS) attack are both on the list of no-nos.
Same goes for brute force attacks; code injection on live systems; the compromise or testing of MileagePlus accounts that are not your own; any testing on aircraft or aircraft systems such as inflight entertainment or inflight Wi-Fi; any threats, attempts at coercion, or extortion of United employees, Star Alliance member airline employees, other partner airline employees, or customers; physical attacks against the same groups just mentioned; and vulnerability scans or automated scans on United servers.
Attempting any of those will, at minimum, disqualify you from the bug bounty program, but could also lead to criminal charges, United warns. So, what does that leave?
Remote code execution is at the top of United's list and is the only type of vulnerability that carries a 1 million award mile bounty. Authentication bypass, brute force attacks, potential for personally identifiable information (PII) disclosure, and timing attacks are all potentially worth 250,000 award miles, while cross-site scripting, cross-site request forgery, and third-party issues that affect United could net you 50,000 award miles each.
If you want to particpate in United's bug bounty program, you can find more details here.
Follow Paul on Google+, Twitter, and Facebook
05-15-2015, 02:38 PM
Subscribe to this thread Subscribed Users  Add Reply 

Possibly Related Threads...
Thread: Author Replies: Views: Last Post
  Linksys Wins Race to 100 Million Router Sales, Sets Sites on Connecting Cuba armani5596 0 694 04-21-2015 08:24 PM
Last Post: armani5596
  Raspberry Pi Sells Over 5 Million Units to Date QuailC1945 0 623 02-17-2015 11:46 PM
Last Post: QuailC1945
  AMD Posts $364 Million Net Loss, Looks to Carrizo to Turn Things Around Wilma 0 678 01-21-2015 02:05 PM
Last Post: Wilma
  Spotify Survives Taylor Swift's Departure, Climbs to 15 Million Subscribers mw7smartc 0 758 01-13-2015 02:33 PM
Last Post: mw7smartc
  Sony Grosses $15 Million from Online Weekend Debut of 'The Interview' danastacrrzynnt 0 692 12-29-2014 01:32 PM
Last Post: danastacrrzynnt
  Intel Plans to Spend $550 Million Upgrading Chip Manufacturing Plant in Israel gmelissaleachr 0 694 12-27-2014 11:00 AM
Last Post: gmelissaleachr
  Lenovo Recalls Over Half a Million Laptop Cords Due to Fire Hazard JonelleStablein 0 681 12-10-2014 01:25 PM
Last Post: JonelleStablein
  United States Postal Office Falls Prey to Data Theft, Fingers Point at China zbernadinerrrhat 0 798 11-10-2014 05:45 PM
Last Post: zbernadinerrrhat
  Microsoft's Windows Insider Program for Windows 10 Hits 1 Million Registrants thorhelicalremedial 0 939 10-13-2014 05:28 PM
Last Post: thorhelicalremedial
  AT&T Agrees to Pay $105 Million to Settle "Cramming" Lawsuit iclarindaboltona 0 674 10-09-2014 12:48 PM
Last Post: iclarindaboltona

Forum Jump:

User(s) browsing this thread: 1 Guest(s)

Contact Us Privacy Policy Top RSS
Forum Software By: MyBB, © 2002-2021