One week after launching a bug bounty program, Kim Dotcom's new file-storage and sharing service MEGA claims to have fixed seven vulnerabilities. Mega hasn't shared how much money it paid out in the first week, or to whom. But as promised, it is clear that MEGA paid out thousands of dollars in bug bounties during the first week of its security program.
We identified one bug hunter yesterday (and tweeted about it): Mr. Frans Rosén received 1000 Euros in the bug fixing challenge. Kim Dotcom later retweeted this tweet, which confirmed Frans's class III bug reward.
Congratulations @fransrosen for XSS in #MEGA. Handsome EUR 1000 in Bug Bounty Program twitter.com/fransrosen/sta…
— The Hacker News™ (@TheHackersNews) February 10, 2013
In a blog post, Mega explained how it classifies vulnerabilities and their impact. Vulnerabilities are grouped into six classes, with class I being the lowest risk and class VI the highest.
Details of the seven qualifying bugs are shown below:
However, the earlier challenge, to brute-force the password from the confirmation link sent at sign-up or to decrypt one of its hosted files, remains unbroken.
"We believe that it would be premature to draw any conclusions at this time barely three weeks after our launch and one week into the program. It is clear that the vulnerabilities identified so far could all be found by checking only a few lines of code at a time; none of them required any analysis at a higher level of abstraction," the Mega blog post said.
Ever seen Google, Facebook, Paypal, Twitter Founder's Greets like this? twitter.com/fransrosen/sta… via @fransrosen cc: @kimdotcom Cheers :)
— The Hacker News™ (@TheHackersNews) February 11, 2013