Skip to main content

Programmer hits the jackpot with United bug bounty program

Jordan Weins has become the first researcher to claim a huge miles bounty form United Airlines in return for reporting a remote-code execution error in their site.

Back in May United Airlines began offering mile rewards for reporting bugs in their online systems. The move was largely a response to criticism the airline faced after it booted a programs researcher off one of its flights. The boot was a punishment they saw fit when the researcher tweet about an exploit he found in the flights onboard systems. The mile rewards is offered in tiers depending on the severity of the issue found and of course reported.

Recommended Videos

United said it will reward the finding of “basic third-party issues affecting its systems with 50,000 miles, exploits that could jeopardize the confidentiality of customer information get 250,000 miles, and major flaws related to remote-code execution earn a maximum of 1,000,000 miles.” Other companies have also been known to offer bounties in an attempt to dissuade savvy programmers from taking advantage of flaws and instead turn them in for cash. The list includes heavy-weight tech names like Google, Facebook, and Yahoo!.

Related: Major bug grounded United flights, halted trading on NYSE

It was the first time that Weins had ever submitted to a bug bounty program, and he had no intention of receiving the grand prize. “There were actually two bugs that I submitted that I were pretty sure were remote code execution, but I also thought they were lame and wasn’t sure if they were on parts of the infrastructure that qualified,” Wiens told the ThreatPost security blog. “My expectation was that they counted, but I figured they’d award me 50,000 miles or something smaller.” One can imagine his surprise when United Airlines contacted Weins and told him to check his account, wherein he found many a vacation waiting for him.

While the gesture is certainly good for United publicity, it may also serve as bait for future researchers to submit, hoping to get the grand prize. Best of luck to all the hackers out there.

Andre Revilla
Andre Revilla is an entrepreneur and writer based in Chicago that has been covering and working in the consumer tech space…
You can now view all of your ChatGPT-generated images in one place
ChatGPT library promotion video.

OpenAI did text generation and image generation separately for quite a while, but that all changed a couple of weeks ago when it added image capabilities directly into ChatGPT. Now, a small but powerful Quality of Life update gives users access to an image library where they can see all of the insane things they've created.

https://twitter.com/OpenAI/status/1912255254512722102

Read more
Don’t miss the chance to buy a 2TB Samsung SSD for only $130
The Samsung 990 Evo Plus SSD 2TB on a white background.

If you're building a new PC or thinking of upgrading your computer's storage, you're going to want to set your sights on the Samsung 990 Evo Plus SSD. The 2TB model, which originally sells for $177, is currently on sale from Samsung itself with a $47 discount, so you'll only have to pay $130. The demand for SSD deals is always high, so we don't think this offer will last long. If you want to take advantage of it, you're going to have to proceed with your transaction for this Samsung SSD immediately.

Why you should buy the Samsung 990 Evo Plus SSD 2TB

Read more
Patreon’s planned new services could make it a proper Twitch rival
A complete RODE X streaming setup,

Patreon has long provided a space for creatives in much the same way Twitch has, but with different connotations. Twitch is usually viewed as being strictly for gaming (although that isn't the case), while Patreon caters to a more artistic subset. The company just announced plans to launch a livestreaming service this summer that could position it as a true rival to Twitch, and it's currently undergoing extensive testing.

Patreon says it hopes the feature can "boost real-time fan engagement and provide new experiences to encourage free-to-paid member conversion." It's an ideal option for users that want to create video-based content, whether that's streaming their favorite video game or providing tutorials on specific crafts.

Read more