• PayPal denies teenager reward for finding website bug
    19 replies, posted
[quote]A 17-year-old German student contends PayPal has denied him a reward for finding a vulnerability in its website. Robert Kugler said he notified PayPal of the vulnerability on May 19. He said he was informed by email that because he is under 18 years old, he did not qualify for its Bug Bounty Program. He will turn 18 next March. PayPal, which is owned by auction site eBay, outlines the terms and conditions for its Bug Bounty Program on its website, but does not appear to have an age guideline. PayPal officials did not have an immediate comment. Many companies such as Google and Facebook have reward programs. The programs are intended to create an incentive for researchers to privately report issues and allow vendors to release fixes before hackers take advantage of flaws. Facebook pays a minimum of $500 for qualifying bugs, while Google pays from $100 up to $20,000 depending on the severity of the issue. Neither has an age restriction listed on their websites. Microsoft does not pay for security vulnerability information, but instead publicly acknowledges the work. PayPal does not list what it will pay a researcher for a bug. Kugler is listed as a contributor in a Microsoft list from April of security researchers. He said he received rewards for finding vulnerabilities in the past. Mozilla paid him $1,500 for finding a problem in the Firefox browser last year and $3,000 earlier this year for another bug. PayPal requires that those reporting bugs have a verified PayPal account. Kugler said he asked PayPal that any bounty be paid into his parent's account. At minimum, Kugler would like PayPal to acknowledge his finding and send him some documentation "that I can use in a job application," he wrote via email. So far, he hasn't received anything. The details of the vulnerability, a cross-site scripting flaw (XSS), is posted on Full Disclosure section Seclists.org, a forum for disclosing security vulnerabilities. An XSS attack occurs when a script drawn from another Web site is allowed to run but should not. The type of flaw can be used to steal information or potentially cause other malicious code to run.[/quote] [url=http://www.pcworld.com/article/2039940/paypal-denies-teenager-reward-for-finding-website-bug.html]Source[/url] And they'll get away with it! Greedy cunts. Next person will exploit a bug.
Doesn't surprise me. PayPal is a terrible company.
Eh, he got enough money already.
That's a good message to send to people kind enough not to sell those vulnerabilities for boatloads of money.
[QUOTE=DaWhatTheFox;40813919]Eh, he got enough money already.[/QUOTE] No such thing as "enough money". He should get the reward because he deserves it. PayPal are dicks
Well this won't encourage the next person who finds an issue to point it out to them.
Someone should start a fund raiser to compensate people for the bullshit paypal pulls.
Next time exploit it and steal everyone's money. Let's see how that makes paypal feel.
[QUOTE=ultra_bright;40813956]Someone should start a fund raiser to compensate people for the bullshit paypal pulls.[/QUOTE] You would have to donate Fort Knox for this to work
No good deed goes unpunished
[QUOTE=DrDevil;40813957]Next time exploit it and steal everyone's money. Let's see how that makes paypal feel.[/QUOTE] i'm sure they'll be happy to sue you all the way to hell and back
Hopefully he finds another bug and exploits it for the money he deserves.
Rewarding one person isn't even pocket money for them.
[QUOTE=Talishmar;40814128]Rewarding one person isn't even pocket money for them.[/QUOTE] They could easily pay it with one of the countless funds they froze.
I long for the day when somebody just fucks paypals shit up.
Fucking PayPal, one of the worst companies you'll ever deal with.
While I hate Paypal with passion, they probably have legal reasons for this. I have no idea in this particular case, there are plentiful laws to prevent child labour which might get them in trouble even like this. If they were any solid they would promise to give him his bounty on his birthday or something.
[QUOTE=Awesomecaek;40814346]While I hate Paypal with passion, they probably have legal reasons for this. I have no idea in this particular case, there are plentiful laws to prevent child labour which might get them in trouble even like this. If they were any solid they would promise to give him his bounty on his birthday or something.[/QUOTE] What country doesn't allow a 17 year old to earn a salary?
Well thats a great way of encouraging people to reveal bugs. Next time he'll tell criminals, they would be more trustworthy.
Sorry, you need to Log In to post a reply to this thread.