Episode 20

Published on: 22nd Sep 2020

20: Bugging Out Over Bounties

What’s been bugging the team recently? Slack’s bug bounty – if it can even be called that – causes some consternation in this episode and raises serious questions about bug bounty programs. The bug in question was classified as a ‘critical’ RCE vulnerability and yet the researcher who discovered it only got $1750. Yup, you read that right. Apparently doing the right thing doesn’t always pay, but if you’re like Kev you might end up with some free chicken or a heartfelt ‘thank you’. We’re absolutely certain that such rewards are enough to keep people on the responsible disclosure side of the fence…

Also covered in this episode is the strange news that a Russian national was arrested for trying to convince a Tesla employee to install malware on the company’s network for the tasty sum of $1m. Color us intrigued…

***

Slack Bug Bounty:

https://mashable.com/article/slack-fixes-critical-remote-code-execution-vulnerabilitybug-bounty/?europe=true

Tesla Hacking Plot:

https://www.zdnet.com/article/elon-musk-confirms-russian-hacking-plot-targeted-tesla-factory/


About the Podcast

Cyber Humanity
The podcast taking cybersecurity personally
There's a lot of cool techy stuff going down in cybersecurity, and we love it. But you can't deny that a lot of the time we humans get forgotten. Our podcast takes a not-so-serious look at issues in security from a human point of view. Covering social engineering to hacker motivations and everything in between, we chat through security stories and themes and what they mean to us: the oft-neglected humans behind the screen. Apart from Kev, Kev is a cyborg.

These weekly podcasts come in two main flavors. We’re either ranting about themes close to the heart of us security types, or we’re discussing threats and vulnerabilities that have hit headlines – or slipped under the radar – in recent weeks.

Join Chris Pace (tech advocate and keeper of the coloring pencils), Kev Breen (pro blue teamer, also known as 'Mr Nothing to CVE here...'), Max Vetter (former dark web detective and pretty cool guy), and Paul Bentham (ex-gov. type and Immersive Labs product guru) as they wend their way through the murky world of Cyber Humanity.