/*codigo slider*\

miércoles, 31 de julio de 2013

Welcome to Computer Security with Ethical Hacking: List of Bug Bounty Programs

Welcome to Computer Security with Ethical Hacking: List of Bug Bounty Programs:

List of Bug Bounty Programs

Bug Bounty Program a well known topic is on the heat these days, known companies like: Google, Facebook, Mozilla are paying for finding a vulnerabilities on their web servers, products, services or some associated applications. Here is a list for all the Security Researchers and Bug Hunters to target all the best :)

Bug Bounty Websites for Web Application Vulnerability

Mozilla
security@mozilla.org 
http://www.mozilla.org/security
http://www.mozilla.org/projects/security/security-bugs-policy.html
http://www.mozilla.org/security/announce

Google
 security@google.com 
https://www.google.com/appserve/security-bugs/new?rl=xkp7zert49a5q6owod28bhr2

Facebook
http://www.facebook.com/whitehat/bounty

Paypal
sitesecurity@paypal.com 
https://cms.paypal.com/cgi-bin/marketingweb?cmd=_render-content&content_ID=security/reporting_security_issues

Etsy
security-reports@etsy.com 
http://www.etsy.com/help/article/2463

Wordpress
http://www.whitefirdesign.com/about/wordpress-security-bug-bounty-program.html

Commonsware
http://commonsware.com/bounty.html

CCBill
http://www.ccbill.com/developers/security/vulnerability-reward-program.php
http://www.ccbill.com/developers/security/rewards.php

Vark
http://www.vark.com

Windthorstisd
http://www.windthorstisd.net/BugReport.cfm


Bug Bounty Websites for Products Vulnerability 

Mozilla
http://www.mozilla.org/security
http://www.mozilla.org/security/known-vulnerabilities/firefox.html

Google Chrome
http://www.chromium.org/Home/chromium-security/vulnerability-rewards-program

Zero Day Initiative
http://www.zerodayinitiative.com

Barracuda
bugbounty@barracuda.com
http://www.barracudalabs.com/bugbounty
http://www.barracudalabs.com/bugbounty/halloffame.html

Artifex Software
http://www.ghostscript.com/Bug_bounty_program.html

Hex Rays
http://www.hex-rays.com/bugbounty.shtml

Ardour
http://ardour.org/bugbounty

Piwik
http://piwik.org/security


Hall of Fame & Responsible Disclosure Websites(No Bounties)

Microsoft

http://technet.microsoft.com/en-us/security/cc308589
http://technet.microsoft.com/en-us/security/cc308575
http://technet.microsoft.com/en-us/security/cc261624
http://www.microsoft.com/security/msrc/default.aspx
http://technet.microsoft.com/en-us/security/ff852094.aspx

Apple
product-security@apple.com
http://support.apple.com/kb/HT1318
https://ssl.apple.com/support/security/

Adobe
http://www.adobe.com/support/security/bulletins/securityacknowledgments.html
http://www.adobe.com/support/security/alertus.html

IBM
http://www-03.ibm.com/security/secure-engineering/report.html

Twitter
https://twitter.com/about/security
http://support.twitter.com/groups/33-report-abuse-or-policy-violations/topics/122-reporting-violations/articles/477159-how-to-report-xss-api-and-other-security-vulnerabilities#
https://support.twitter.com/forms

Dropbox
security@dropbox.com
https://www.dropbox.com/security
https://www.dropbox.com/special_thanks

Yahoo
security@yahoo-inc.com 

http://security.yahoo.com/article.html;_ylc=X3oDMTFwMGI4cDJnBF9TAzU2NTAwMDAwMgRhaWQDMjAwNjEyMDUwMQRjbmFtZQNZb3VyIFNlY3VyaXR5IG9uIFlhaG9vIQ--?aid=2006120501

Cisco
http://tools.cisco.com/security/center/home.x#~alerts

Moodle
http://moodle.org/security

Drupal
http://drupal.org/security-team

Oracle
http://www.oracle.com/us/support/assurance/reporting/index.html

Symantec
http://www.symantec.com/security

Ebay
http://pages.ebay.com/securitycenter/Researchers.html

Twilio
http://www.twilio.com/blog/2012/03/reporting-security-vulnerabilities.html

37 Signals
http://37signals.com/security-response

Salesforce
http://www.salesforce.com/company/privacy/disclosure.jsp

Reddit
http://code.reddit.com/wiki/help/whitehat

Github
http://help.github.com/responsible-disclosure/

Ifixit
http://www.ifixit.com/Info/responsible_disclosure

Constant Contact
http://www.constantcontact.com/about-constant-contact/security/report-vulnerability.jsp

Zeggio
http://www.zeggio.com

Simplify
http://simplify-llc.com/simplify-security.html

Team Unify
http://www.teamunify.com/__corp__/security.php

Skoodat
http://www.skoodat.com/Security

Relaso
http://relaso.com/disclosure

Moduscsr
http://www.moduscsr.com/security_statement.php

Cloudnetz
http://cloudnetz.com/Legal/vulnerability-testing-policy.html

Emptrust
http://www.emptrust.com/Security.aspx

Apriva
http://www.apriva.com/security

Amazon
http://aws.amazon.com/security/vulnerability-reporting

SqaureUp
https://squareup.com/security/levels

G-Sec
http://www.g-sec.lu/responsible.disclosure.policy.html

Xen
security@xen.org
http://wiki.xen.org/wiki/Security_Announcements
http://www.xen.org/projects/security_vulnerability_process.html

Engine Yard
http://www.engineyard.com/legal/responsible-disclosure-policy

Lastpass
https://lastpass.com/support_security.php

RedHat
https://access.redhat.com/knowledge/articles/66234

Acquia
https://www.acquia.com/how-report-security-issue

Mahara
security@mahara.org 
https://wiki.mahara.org/index.php/Security 


Zynga
security@zynga.com
http://company.zynga.com/security/whitehats

Risk.io
https://www.risk.io/security

Opera 
http://www.opera.com/security/policy
https://bugs.opera.com/wizarddesktop
http://my.opera.com/securitygroup/blog/2013/04/05/thanks-to-the-researchers

Owncloud 
http://owncloud.org/security/policy
http://owncloud.org/security/hall-of-fame

Scorpion Soft
security@scorpionsoft.com
http://www.scorpionsoft.com/company/disclosurepolicy


Norada 
http://norada.com/norada/crm/security_response

Cpaperless 
http://www.cpaperless.com/securitystatement.aspx

Wizehive 
http://www.wizehive.com/security
http://www.wizehive.com/special_thanks.html

Tuenti
http://corporate.tuenti.com/en/dev/hall-of-fame

Nokia Siemens
http://www.nokiasiemensnetworks.com/about-us/responsible-disclosure

Sound Cloud
http://help.soundcloud.com/customer/portal/articles/439715-responsible-disclosure

HTC
security@htc.com

http://www.htc.com/www/terms/product-security

Neohapsis
http://www.neohapsis.com/disclosure.php

Nokia
security-alert@nokia.com
http://www.nokia.com/global/security/security
http://www.nokia.com/global/security/acknowledgements


BlackBerry
secure@blackberry.com
https://www.blackberry.com/profile/?eventId=8322
http://us.blackberry.com/business/topics/security/incident-response-team/collaborations.html

Heroku
security@heroku.com
https://policy.heroku.com/security

Chargify
security@chargify.com
https://chargify.com/security

Zendesk
security@zendesk.com
http://www.zendesk.com/company/responsible-disclosure-policy

Lookout
security@lookout.com
https://www.lookout.com/responsible-disclosure

Puppetlabs
security@puppetlabs.com 
http://puppetlabs.com/security
https://puppetlabs.com/security/acknowledgments
https://puppetlabs.com/blog/responsible-disclosure-of-security-vulnerabilities

Gliph 
https://gli.ph/s/security.html

miércoles, 17 de julio de 2013

Technology News: Grave fallo de seguridad en Facebook que permite h...

Grave fallo de seguridad en Facebook que permite hackear cualquier perfil.


De nuevo el fantasma de la seguridad planea sobre Facebook, y esta vez puede tratarse de un fallo muy grave.

Al parecer, un bug en la plataforma (que todavía no ha sido arreglado por los desarrolladores de la compañía, según informa The Hacker News) permitiría a cualquiera hacerse con la cuenta de otro usuario en poco menos de 60 segundos.

La vulnerabilidad funciona de la siguiente forma: cuando una persona trata de abrir un perfil nuevo en la red social con una dirección de email que ya está siendo utilizada en la plataforma (por él o por otra persona), gracias a un exploit programado (y que podría encontrarse en la red), el ciberdelincuente podría lograr que Facebook le permitiese usar de nuevo la cuenta de correo ya en uso, lo que le daría acceso a la cuenta que ya está vinculada a este email.


Es decir, que con un pequeño programa malicioso que ha sido desarrollado, cualquiera podría hackear una cuenta de Facebook y hacerse con su control.

La voz de alarma la ha dado el experto en seguridad Dan Melamed y el equipo de seguridad de Facebook ha confirmado que está trabajando para resolver la incidencia lo antes posible, según The Hacker News.

En el siguiente vídeo se explica cómo se lleva a cabo el hackeo de una cuenta:



(Fuente | TreceBits)

Related Posts Plugin for WordPress, Blogger...