Business Unusual

Bug bounty hunters, bringing law and order to the web's wild west

When the World Economic Forum announced that we are heading into the 4th Industrial Revolution, the focus was on the many jobs at risk of being replaced by machines.

The flip side is that the change will also create jobs we have not had before. One of those is bug bounty hunter. They are freelance programmers and security enthusiasts who try to find vulnerabilities in software and operating systems.

A programmer in India recently discovered a simple way to request access to anyone’s Facebook account, gaining access to their private photos and other personal information, including banking details if cards had been associated with the account. For reporting the issue to Facebook he was awarded $15 000 (R240 000).

He might have stood to make a lot more if he had sold that information to criminal hackers.

A brief history

Initially, computer systems were written and used within companies, with only a few staff having access. The systems, while cutting edge for their time, did not really offer much reward to someone who did hack them.

Microsoft was one of the first to create software intended to be used by millions of users on millions of machines, many while connected to the internet. The volume of people using the system on a wide range of machines often resulted in a “blue screen of death” when the code encountered a situation it did not know how to deal with. The solution was to turn off the machine and turn it on again (still a popular option when something goes wrong).

They then devised a system that would alert them when something unintended happened, setting up the need for the patches, fixes and updates we know so well now.

Back to the future, and software has become a lot more powerful and is responsible for looking after almost every aspect of our lives. It would be almost impossible to release software that did not have some unintended situation to deal with, so the effort is placed in fixing the issues as they are noticed rather than in creating something that is perfect.

The bounty hunters

The race to find those issues is shared between the software creators (using the software itself to report issues), users (often unhappy to discover the fault), hackers looking to exploit the issue for their own benefit, and the bug hunters, who enjoy being able to use their skills to contribute to the improvement of software.

It is a powerful sentiment in the coding community, with the premise that open source software, built through collective effort, can be something that is free for everyone to use. The best known open source system is Android, which is the operating system for a growing number of, if not most, mobile phones. It is based on Linux, one of the original operating systems and the most common system used by the servers connecting the planet’s network of computers.

Some systems are considered so crucial to the smooth operation of the internet that a special panel has been created to manage the tracking of security issues affecting those systems and to reward those who contribute to improving them via the Internet Bug Bounty.

But there are many more companies that welcome the contributions, and those programs are listed via others such as Bugcrowd.

The biggest bug of all

Average users might wonder why so much complicated programming is needed to achieve relatively simple tasks. And despite lots of warnings, users also tend to absolve themselves of taking a more active part in understanding how a system works and how it can be exploited.

This is the primary weakness targeted by those looking to compromise a system for criminal or malicious reasons, trusting that as the systems get more sophisticated the users remain relatively naive.

Consider a scenario of someone needing to move goods around inside a shop. He might use a trolley. Loading it up and pushing it where it needs to go solves his problem. In time the need arises to move items between shops and the trolley is replaced with a delivery vehicle. You would not argue that, as you are still simply moving goods, you do not need a licence to use the vehicle.

Early phones were like trolleys; the thing in your pocket is a delivery vehicle. When used correctly it is a huge convenience but, when you are unaware of how it can be used, a significant hazard.

The best way to avoid becoming a cyber-security statistic is understanding a little more about how you connect with the world digitally.

Forget remembering passwords, get a password manager. Use a different login for each site while only remembering the login for the password manager.

Don’t follow links from emails to sites that require a login. When using a desktop PC, check a site’s safety first via Google.

Following the simple steps above will allow bug bounty hunters to focus on the bugs that make the software work better, not the ones that you unknowingly gift to cyber criminals.

If you wondered why they are called "bugs", read this.

