[OPLIN 4cast] OPLIN 4Cast #782: See something, say something...earn something?
OPLIN
support at oplin.ohio.gov
Wed Dec 22 10:43:34 EST 2021
OPLIN 4Cast #782: See something, say something...earn something?
December 22nd, 2021
Code is vulnerable. You're probably aware of the vulnerability crisis in
Log4j, which the *Washington Post* calls "the most serious security breach
ever
<https://www.washingtonpost.com/technology/2021/12/20/log4j-hack-vulnerability-java>."
That vulnerability was discovered as part of Minecraft's bug bounty
program—a deal that gives individuals recognition and payment for finding
and reporting software bugs, particularly security exploits. This week,
there is news that the US Government is launching a bug bounty program, and
Meta (Facebook) is offering bounties to those who find Facebook user data
posted openly on the web. How else might bounty programs help improve the
tech world?
- New "Hack DHS" program will pay up to $5,000 for discovered
vulnerabilities
<https://www.zdnet.com/article/new-hack-dhs-program-will-pay-up-to-5000-for-discovered-vulnerabilities/>
[*ZDNet*] "The hope for programs like this one is to privately discover
and patch holes without relying on external security researchers or random
discoverers to do the scrupulous thing and inform the vendor/agency before
releasing a vulnerability into the wild."
- Teen hacker scoops $4,500 bug bounty for Facebook flaw that allowed
attackers to unmask page admins
<https://portswigger.net/daily-swig/teen-hacker-scoops-4-500-bug-bounty-for-facebook-flaw-that-allowed-attackers-to-unmask-page-admins>
[*The Daily Swig*] "Many celebrities and huge personalities operate
through Facebook pages, so if their personal Facebook account is disclosed
then it’s like getting their personal phone numbers, which is a great
problem to their privacy."
- Meta expands bug bounty program to reward discoveries of scraped data
<https://techcrunch.com/2021/12/15/meta-expands-bug-bounty-program-to-reward-discoveries-of-scraped-data/>
[*TechCrunch*] "Researchers will be rewarded for finding 'unprotected or
openly public databases containing at least 100,000 unique Facebook user
records with personally identifiable information or sensitive data.'
Instead of its usual payouts though, Meta says it will donate to a charity
chosen by the researcher in order not to incentivize the publishing of
scraped data."
- An Ethics Bounty System Could Help Clean Up the Web
<https://www.wired.com/story/big-tech-ethics-bug-bounty/> [*Wired*] "For
users, a bounty system would encourage people to search for ethics
violations and report them more quickly. For companies, this system could
help them locate and address problems before they cause harm to more
customers, generate negative press, and potentially destabilize
governments."
*From the Ohio Web Library <http://ohioweblibrary.org>:*
- Allison, Peter Ray. "Debugging Bug Bounty Programmes: Bug Bounty
Programmes Have Become Popular, but Poor Programme Management Can Lead to
Development Teams Becoming Overwhelmed and Bugs Being Missed
<https://search.ebscohost.com/login.aspx?direct=true&db=buh&AN=137105945&site=ehost-live>."
*Computer Weekly*, June 2019, pp. 21–26.
- Bock, Lisa. "Bug bounty white hat hacking
<https://www.linkedin.com/learning/ethical-hacking-vulnerability-analysis/bug-bounty-white-hat-hacking>."
*Ethical Hacking: Vulnerability Analysis*. 28 April 2021.
- Kerner, Sean Michael. "Bug Bounty Hackers Make More Money Than Average
Salaries, Report Finds
<https://search.ebscohost.com/login.aspx?direct=true&db=buh&AN=127524870&site=ehost-live>."
*EWeek*, Jan. 2018, p. 1.
------------------------------
The *OPLIN 4cast* is a weekly compilation of recent headlines, topics, and
trends that could impact public libraries. You can subscribe to it in a
variety of ways, such as:
- *RSS feed.* You can receive the OPLIN 4cast via RSS feed by
subscribing to the following URL:
http://www.oplin.org/4cast/index.php/?feed=rss2.
- *E-mail.* You can have the OPLIN 4cast delivered via e-mail (à la
OPLINlist and OPLINtech) by subscribing to the 4cast mailing list at
http://lists.oplin.org/mailman/listinfo/OPLIN4cast.
© 2021 Ohio Public Library Information Network