
Did they *pay* him? He kind of saved them, tipped them off to a complete compromise of their security infrastructure which was not trivial to discover. Looks like he got nothing in return for "doing the right thing". How insulting is that? What is their perception of someone walking into their offices with this essential information? I guarantee his self-image and their perception are very different. They see an overly caffeinated attention-seeking "nerd" who just handed them a 300k exploit in exchange for a gold star and then they ran like smeg to cover their asses and take all the credit internally. He feels like superman, goes home to his basement apt, microwaves some noodles and writes a blogpost. This is a perfect example of why you never, never report a 0day.


It's Cox, probably lucky if they don't sue him for fixing their mistake.


It happens. This is the type of revelation where heads roll and a scapegoat is very useful for the CSO, general liability of the company and PR.


Sam is a very famous security researcher, so I would be shocked if he wasn’t making upwards of $350,000 a year. These articles he writes make him a significant amount of money via reputation boost.


Cox don't pay bounties.



