<div dir="ltr"><div><div dir="ltr" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr">

  
 

  
  
  

<table bgcolor="#ffffff" cellpadding="0" cellspacing="0" width="100%">

  <tbody>
    <tr>
      <td align="left" valign="top">
      <table cellpadding="0" cellspacing="0">
        <tbody>
          <tr>
            <td style="border-top:0px solid rgb(0,0,0);border-bottom:1px solid rgb(255,255,255);background-color:rgb(255,255,255);text-align:center" align="center"></td>
          </tr>
          <tr>
            <td style="border-top:0px solid rgb(51,51,51);border-bottom:0px solid rgb(255,255,255);background-color:rgb(255,255,255)">
            <center><a><img id="m_8935994570407650090editableImg1" src="http://www.oplin.org/4cast/wp-content/themes/unlimited/assets/images/4cast_email_header.png" title="OPLIN" alt="OPLIN 4Cast" align="middle" border="0"></a></center>
            </td>
          </tr>
        </tbody>
      </table>
      <table style="width:763px;height:877px" bgcolor="#ffffff" cellpadding="20" cellspacing="0">
        <tbody>
          <tr>
            <td style="font-size:12px;color:rgb(0,0,0);line-height:150%;font-family:'Gothic Sans',sans-serif" bgcolor="#ffffff" valign="top">
            <p>
            <span style="font-size:20px;font-weight:bold;color:rgb(0,0,0);font-family:arial;line-height:110%">OPLIN 4Cast #782: See something, say something...earn something?</span><br>
 <span style="font-size:11px;font-weight:normal;color:rgb(102,102,102);font-style:italic;font-family:arial">December 22nd, 2021</span></p>

            <p style="text-align:justify;font-size:16px;font-family:arial;line-height:110%"><img align="left" src="https://4cast.oplin.org/wp-content/uploads/2021/12/scan-3963099_960_720.jpg" alt="Gear with magnifying glass finding bug on screen" width="188" height="94" style="padding-right:14px;padding-top:4px;padding-bottom:4px">

Code is vulnerable. You're probably aware of the vulnerability crisis in Log4j, which the <em>Washington Post</em> calls "<a href="https://www.washingtonpost.com/technology/2021/12/20/log4j-hack-vulnerability-java" target="_blank">the most serious security breach ever</a>." That vulnerability was discovered as part of Minecraft's bug bounty program—a deal that gives individuals recognition and payment to find and report software bugs, particularly security exploits. This week, there is news that the US Government is launching a bug bounty program, and Meta (Facebook) is offering bounties for those who find Facebook user data posted openly on the web. How else might bounty programs help improve the tech world?
</p><ul>
              <li style="text-align:justify;font-size:16px;font-family:arial;line-height:110%"><a href="https://www.zdnet.com/article/new-hack-dhs-program-will-pay-up-to-5000-for-discovered-vulnerabilities/" target="_blank">New "Hack DHS" program will pay up to $5,000 for discovered vulnerabilities</a> [<em>ZDNet</em>] "The hope for programs like this one is to privately discover and patch holes without relying on external security researchers or random discoverers to do the scrupulous thing and inform the vendor/agency before releasing a vulnerability into the wild."</li>
              <li style="text-align:justify;font-size:16px;font-family:arial;line-height:110%"><a href="https://portswigger.net/daily-swig/teen-hacker-scoops-4-500-bug-bounty-for-facebook-flaw-that-allowed-attackers-to-unmask-page-admins" target="_blank">Teen hacker scoops $4,500 bug bounty for Facebook flaw that allowed attackers to unmask page admins</a> [<em>The Daily Swig</em>] "Many celebrities and huge personalities operate through Facebook pages, so if their personal Facebook account is disclosed then it’s like getting their personal phone numbers, which is a great problem to their privacy."</li>
              <li style="text-align:justify;font-size:16px;font-family:arial;line-height:110%"><a href="https://techcrunch.com/2021/12/15/meta-expands-bug-bounty-program-to-reward-discoveries-of-scraped-data/" target="_blank">Meta expands bug bounty program to reward discoveries of scraped data</a> [<em>TechCrunch</em>] "Researchers will be rewarded for finding 'unprotected or openly public databases containing at least 100,000 unique Facebook user records with personally identifiable information or sensitive data.' Instead of its usual payouts though, Meta says it will donate to a charity chosen by the researcher in order not to incentivize the publishing of scraped data."</li>
              <li style="text-align:justify;font-size:16px;font-family:arial;line-height:110%"><a href="https://www.wired.com/story/big-tech-ethics-bug-bounty/" target="_blank">An Ethics Bounty System Could Help Clean Up the Web</a> [<em>Wired</em>] "For users, a bounty system would encourage people to search for ethics violations and report them more quickly. For companies, this system could help them locate and address problems before they cause harm to more customers, generate negative press, and potentially destabilize governments."</li>
            </ul>

            <div style="text-align:left"> </div>
            <p style="text-align:left;font-size:20px;font-family:arial;line-height:110%"><small><strong><em>From the <a href="http://ohioweblibrary.org" target="_blank">Ohio Web Library</a>:</em></strong></small><br>
            </p>
            <div style="text-align:justify;font-size:16px;font-family:arial;line-height:110%">
<ul>
<li>Allison, Peter Ray. “<a href="https://search.ebscohost.com/login.aspx?direct=true&db=buh&AN=137105945&site=ehost-live" target="_blank">Debugging Bug Bounty Programmes: Bug Bounty Programmes Have Become Popular, but Poor Programme Management Can Lead to Development Teams Becoming Overwhelmed and Bugs Being Missed</a>.” <em>Computer Weekly</em>, June 2019, pp. 21–26. </li>
<li>Bock, Lisa. "<a href="https://www.linkedin.com/learning/ethical-hacking-vulnerability-analysis/bug-bounty-white-hat-hacking" target="_blank">Bug bounty white hat hacking</a>." <em>Ethical Hacking: Vulnerability Analysis</em>. 28 April 2021.</li>
<li>Kerner, Sean Michael. “<a href="https://search.ebscohost.com/login.aspx?direct=true&db=buh&AN=127524870&site=ehost-live" target="_blank">Bug Bounty Hackers Make More Money Than Average Salaries, Report Finds</a>.” <em>EWeek</em>, Jan. 2018, p. 1.</li>
</ul>
</div>
            <div style="text-align:left"> </div>
 </td>
          </tr>
          <tr>
            <td valign="top" width="760"><span style="font-size:10px;color:rgb(96,96,96);line-height:100%;font-family:verdana">
            <hr>
            <div style="text-align:justify">The <strong><em>OPLIN 4cast</em></strong> is a weekly compilation of recent headlines, topics, and trends that could impact public libraries.</div>
            </span> </td>
          </tr>
          <tr>
            <td style="text-align:center;font-family:'Century Gothic',sans-serif;border-top:0px solid rgb(255,255,255);background-color:#2c4587;color:#fff" valign="top" width="760">© 2021 Ohio Public Library Information Network<br>
            </td>
          </tr>
        </tbody>
      </table>
      </td>
    </tr>
  </tbody>
</table>


</div></div></div></div></div></div></div></div>