June 29, 2021 07:08 PM
Aditi Singh, a 20-year-old ethical hacker from Delhi, has won a reward of $30,000 (approximately Rs 22 lakh) for spotting a bug in Microsoft’s Azure cloud system. Aditi, who found a similar bug in Facebook just two months back and won a bounty of $7,500 (over Rs 5.5 lakh), says that both companies had a remote code execution (RCE) bug, which is a relatively new bug and is currently not being paid much attention to.
Through such bugs, hackers can get access to internal systems and the information they hold. Aditi notes that spotting bugs is not easy and that ethical hackers have to stay on top of their game with new bugs, so that they can report them and still be eligible for their payouts.
“Microsoft has only fixed the bug which I spotted two months back. They have not fixed all of them,” says Aditi, who spotted the RCE bug two months back and said that the tech giant took two months to respond as they were checking if anybody had downloaded the insecure version.
Before even starting to look for a bug, people should ask the company's support team whether that company has a bounty program, and go ahead only once the company confirms that it does.
Bug bounty hunters are mostly certified cybersecurity professionals or security researchers who crawl the web and scan systems for bugs or flaws through which hackers can sneak in, and then alert the companies. If they are successful, they are rewarded with cash.
Talking about the RCE bug, Aditi noted that the developers wrote the code directly when they should have first downloaded a Node Package Manager, which is a subsidiary of GitHub where anybody can access the codes from these companies as they are open-sourced. “Developers should write codes only after they have the NPM.”