HackerTrans
TopNewTrendsCommentsPastAskShowJobs

memesarecool

no profile record

comments

memesarecool
·6 เดือนที่ผ่านมา·discuss
Hackerone (where cURL hosted their bounty program) tracks the reputation of bounty hunters. I don't understand why they are not taking advantage of this. Make a private program, invite only hackers who have proved themselves by submitting relevant reports.
memesarecool
·ปีที่แล้ว·discuss
Yes I meant simple as in "amateur mistakes". From the mistakes (and their excitement and response to the report) they are clueless about security. Which of course is bad. Hopefully they will take security more seriously on the future.
memesarecool
·ปีที่แล้ว·discuss
Cool post. One thing that rubbed me the wrong way: Their response was better than 98% of other companies when it comes to reporting vulnerabilities. Very welcoming and most of all they showed interest and addressed the issues. OP however seemed to show disdain and even combativeness towards them... which is a shame. And of course the usual sinophobia (e.g. everything Chinese is spying on you). Overall simple security design flaws but it's good to see a company that cares to fix them, even if they didn't take security seriously from the start.

Edit: typo