Business Unusual

Bug bounty hunters, bringing law and order to the web's wild west

When the World Economic Forum announced that we are heading into the 4th Industrial Revolution, the focus was on the many jobs at risk of being replaced by machines.

The flip side is that the change will also create jobs we have not had before. One of those is bug bounty hunter. They are freelance programmers and security enthusiasts who try to find vulnerabilities in software and operating systems.

A programmer in India recently discovered that there was a simple way to request access to anyone’s Facebook account, gaining access to their private photos and other personal information, including banking details if cards had been associated with the account. For reporting the issue to Facebook he was awarded $15 000 (R240 000).

He might have stood to make a lot more if he sold that information to criminal hackers.

A brief history

Initially, computer systems were written and used within companies, with only a few staff having access. The systems, while cutting edge for their time, did not really offer much reward for someone even if they did hack them.

Microsoft was one of the first to create software intended to be used by millions of users on millions of machines, many while connected to the internet. The volume of people using the system on a wide range of machines often resulted in a “blue screen of death” when the code encountered a situation it did not know how to deal with. The solution was to turn off the machine and turn it on again (still a popular option when something goes wrong).

They then devised a system that would alert them when something unintended happened, setting up the need for the patches, fixes and updates we know so well now.

Back to the future and software has become a lot more powerful and responsible for looking after almost every aspect of our lives. It would be almost impossible to release software that did not have some unintended situation to deal with, so the effort is placed in fixing the issues as they are noticed rather than in creating something that is perfect.

The bounty hunters

The race to find those issues is shared between the software creators, who use the software itself to report issues; users (often unhappy to discover the fault); hackers looking to exploit the issue for their benefit; and the bug hunters, who enjoy being able to use their skills to contribute to the improvement of software.

It is a powerful sentiment in the coding community, with the premise that open source software using a collective effort can build something that is free for everyone to use. The best known open source system is Android, which is the operating system for a growing number of, if not most, mobile phones. It is based on Linux, one of the original operating systems and the most common system used by the servers connecting the planet’s network of computers.

Some systems are considered so crucial to the smooth operation of the internet that a special panel has been created to manage the tracking of security issues affecting those systems and to reward those who contribute to improving them via the Internet Bug Bounty.

But there are many more companies that welcome the contributions, and those programs are listed via others such as Bugcrowd.

The biggest bug of all

Average users might wonder why so much complicated programming is needed to achieve relatively simple tasks. And despite lots of warnings, users also tend to absolve themselves from taking a more active part in understanding how a system works and how it can be exploited.

This is the primary weakness targeted by those looking to compromise a system for criminal or malicious reasons, trusting that as the systems get more sophisticated the users remain relatively naive.

Consider a scenario of someone needing to move goods around inside a shop. He might use a trolley. Loading it up and pushing it where it needs to go solves his problem. In time the need arises to move items between shops and the trolley is replaced with a delivery vehicle. You would not argue that, as you are still simply moving goods, you do not need a licence to use the vehicle.

Early phones were like trolleys; the thing in your pocket is a delivery vehicle. When used correctly it is a huge convenience but, when you are unaware of how it can be used, a significant hazard.

The best way to avoid becoming a cyber-security statistic is understanding a little more about how you connect with the world digitally.

Forget remembering passwords, get a password manager. Use a different login for each site while only remembering the login for the password manager.

Don’t follow links from emails to sites that require a login. Check a site’s safety first when using a desktop PC via Google.

Following the simple steps above will allow bug bounty hunters to focus on the bugs that make the software work better, not the ones that you unknowingly gift to cyber criminals.

If you wondered why they are called "bugs", read this.


This article first appeared on 702: Bug bounty hunters, bringing law and order to the web's wild west

