Monday, April 28, 2025

Latest
Bell Q3 Earnings: Massive Impairments. Guidance Cuts. A Mess.
Germany Looks To Modernize Military Recruitment But Stops Short of Conscription
Bitcoin Mining’s Reality Check: When a Coin Costs More Than It’s Worth
Alamos Gold Q3: Record Revenue & Production Amid Rising Costs
The Junior Mining Market Is Back
Barrick Gold’s Q3 Earnings: Is Guidance Shot?
Franco Nevada Q3 Earnings: The Road To Recovery
Saudi Arabia Weighs $100 Billion AI Investment Plan, Sources Say
Australia Proposes Ban on Social Media for Under-16s
Rising Renewals Could Trigger Wave of Home Listings in 2025
Search

Tag: bug bounty

X Refuses to Pay Bug Bounty On Critical Vulnerability, Kicks Out Whitehat Instead
JP Alegre
Friday, December 15, 2023, 03:42:00 PM

X is broke and broken, everyone seems to already know that. But is it broke because it’s broken, or broken because it’s broke? It seems the platform, under the helm of owner Elon Musk, just can’t keep itself from making bigger problems. Now, it’s refusing to pay whitehats in its bug bounty program.

One such whitehat is X user @rabbit_2333, who found an XSS vulnerability in the platform’s analytics subdomain that can basically let hackers take over any account. @rabbit_2333 claims that he reported the massive vulnerability but X dismissed the report, saying they’d known about it for a year and were already addressing it, adding it “decided that this report is not eligible for a bounty.”

This was when @rabbit_2333 decided that if X can shrug this bug report off, then he (or she) can break protocol and make the discovery public. 

Also, if X had known about it for a year and haven’t fixed it, then it must be not that big of a deal, right? After @rabbit_2333 posted about the vulnerability and it went around developer circles, Chaofan Shou, co-founder of the smart contract analysis platform Fuzz.Land, posted a demo of just how potentially critical the bug is.

Shortly after, X patched the vulnerability … and kicked @rabbit_2333 from their bug bounty program for violating the HackerOne code of conduct for posting about the vulnerability.

Bug bounty programs are a way for companies and developers to reward ethical hackers or whitehats for successfully discovering and reporting bugs or vulnerabilities. It lets companies, like X, privately engage the hacker community to, well, get the bugs out, and improve the security of their systems.

So if, especially at their stripped-down state with fewer developers, they’re no longer compensating ethical hackers — even for something as critical as the vulnerability that @rabit_2333 spotted — just imagine what else could go wrong.

But yeah, Musk thinks advertisers leaving is Media Matters’ and the mainstream media’s fault.

Information for this story was found via X, and the sources and companies mentioned. The author has no securities or affiliations related to the organizations discussed. Not a recommendation to buy or sell. Always do additional research and consult a professional before purchasing a security. The author holds no licenses.

Latest News
Bell Q3 Earnings: Massive Impairments. Guidance Cuts. A Mess.
Germany Looks To Modernize Military Recruitment But Stops Short of Conscription
Bitcoin Mining’s Reality Check: When a Coin Costs More Than It’s Worth
Alamos Gold Q3: Record Revenue & Production Amid Rising Costs
The Junior Mining Market Is Back
Barrick Gold’s Q3 Earnings: Is Guidance Shot?
Franco Nevada Q3 Earnings: The Road To Recovery
Saudi Arabia Weighs $100 Billion AI Investment Plan, Sources Say
Australia Proposes Ban on Social Media for Under-16s
Rising Renewals Could Trigger Wave of Home Listings in 2025
Video Articles

Bell Q3 Earnings: Massive Impairments. Guidance Cuts. A Mess.

Alamos Gold Q3: Record Revenue & Production Amid Rising Costs

The Junior Mining Market Is Back
Recommended

Germany Looks To Modernize Military Recruitment But Stops Short of Conscription

First Majestic Silver Posts Topline Revenue Of $146.1 Million In Q3 2024
Trending
© 2025
the deep dive
Welcome to The Deep Dive, where we focus on providing investors of Canadian junior stock markets the knowledge they need to make smart investment decisions. We take a closer look at all data relating to organizations to create quality stock analysis for investors. Not a recommendation to buy or sell securities. Always do additional research and consult a professional before purchasing a security.