MEGA's Vulnerability Reward Program - Magzium
shravya | On 02, Feb 2013
Mega, after blocking Mega-Search.me, a third-party search engine, has come up with a reward program. Kim Dotcom, the founder of Mega, is challenging anyone to report a previously unknown security-relevant bug or design flaw. He is offering a reward of up to 10,000 Euros, depending on the threat’s complexity and impact potential. The entire program is aimed at improving MEGA’s security. That matters to MEGA both as protection against governments and because it uses custom technology instead of an existing one. One potential disadvantage of custom technology is that it requires extensive testing to flush out all vulnerabilities. Hence Mega is now crowdsourcing to make sure that it is protected from any and all dangers.
What types of bugs qualify?
- Remote code execution on any of our servers (including SQL injection)
- Remote code execution on any client browser (e.g., through XSS)
- Any issue that breaks our cryptographic security model, allowing unauthorized remote access to or manipulation of keys or data
- Any issue that bypasses access control, allowing unauthorized overwriting/destruction of keys or user data
- Any issue that jeopardizes an account’s data in case the associated e-mail address is compromised