Slashdot Mirror


Researcher Blows $15K By Reporting Bug To Google

CWmike writes "A security researcher lost a sure $15,000 at this week's Pwn2Own hacking contest because he had earlier reported the bug to Google, which has patched the vulnerability in its Android Market. 'I missed out money wise,' said Jon Oberheide, co-founder and CTO of Duo Security, a developer of two-factor authentication software. 'But it was good that Google is rewarding researchers. And now I have my first Android vulnerability that qualified for a bounty.' Google cut a check to Oberheide for $1,337."

7 of 69 comments

  1. Good publicity by houstonbofh · · Score: 3, Informative

    He also got a lot more good press than he might have otherwise. Good for a starting up security company.

    1. Re:Good publicity by Anonymous Coward · · Score: 4, Informative

      No, Pwn2Own is white-hat - successful exploits are never published and full details are given to the developer. He only reported it beforehand because he mistakenly believed it wouldn't be a permitted exploit for the competition.

      If you read his comments on the matter he's more upset about not being able to embarrass Google with such a simple exploit than he is about the money.

  2. You Know... by CrazyDuke · · Score: 5, Insightful

    If google cut me a check for 1337 for infosec work, I'd want to keep it in my job portfolio for when potential clients or employers ask for a reference. ...just saying.

    --
    Any sufficiently advanced influence is indistinguishable from control.
    1. Re:You Know... by adisakp · · Score: 4, Insightful

      If google cut me a check for 1337 for infosec work, I'd want to keep it in my job portfolio for when potential clients or employers ask for a reference. ...just saying.

      Some banks like JP Morgan Chase now let you "deposit" a check by iPhone by taking a picture of the check.

      You could keep the original check in your portfolio while getting the cash as well :-)

  3. Re:1337 by Anonymous Coward · · Score: 5, Funny

    Does anybody else think the amount of money he received is interesting?

    (Glances at thread.) Pretty much everyone else, yeah.

  4. Poor post title by DuranDuran · · Score: 3, Insightful

    Get thee behind me, Satan - a better post title would have mentioned that Google actually rewarded the researcher's honesty. This is a great outcome for everyone, including Android users.

    --
    "You can justify anything by putting it in quotes, adding a famous name and making it a sig" - Albert Einstein
  5. Re:1337 by Pseudonym Authority · · Score: 4, Interesting

    But more importantly, 1337% of pi is....... ~42