MEGA's Vulnerability Reward Program - Magzium

shravya | On 02, Feb 2013

Mega, after blocking Mega-Search.me, a third party search engine, has come-up with a reward program. Kim Dotcom, the founder of Mega is challenging anyone to report a previously unknown security-relevant bug or design flaw. He is offering a reward up-to 10,000 Euros depending on the threats complexity and impact potential. This entire program is aimed at improving MEGA’s security. This is an important aspect for MEGA to protect itself from governments and also because of using custom technology instead of an existing one. One potential disadvantage of using custom technology is that it requires extensive testing in order to flush out all vulnerabilities. Hence Mega is now crowd-sourcing to make sure that it’s protected from any and all dangers.

What types of bugs qualify?

Remote code execution on any of our servers (including SQL injection)
Remote code execution on any client browser (e.g., through XSS)
Any issue that breaks our cryptographic security model, allowing unauthorized remote access to or manipulation of keys or data
Any issue that bypasses access control, allowing unauthorized overwriting/destruction of keys or user data
Any issue that jeopardizes an account’s data in case the associated e-mail address is compromised

There are a few special case scenario and brute force challenges too that he is offering. Only the first finder of the bug is eligible for the prize money. So hurry up and mail your findings to [email protected] For further details you may visit their official blog here.