I got access to all of BitTorrent Inc's source code and sensitive documents

by simplyinfinity on 7/31/2013, 9:28 PM with 59 comments
  • by citricsquid on 7/31/2013, 10:48 PM

    Looks like he acquired login information, he didn't exploit some sort of major vulnerability that needed to be fixed which is generally what bug bounties seem to be for. He's insulted he didn't get paid for not being an asshole, what a strange world we live in. Facebook (or any other company) wouldn't pay out if one of their support staff accidentally made a random user an admin, why should this be any different.

  • by otterley on 7/31/2013, 11:05 PM

    I find the author's righteous indignation that he did not receive the ransom he thought he deserved amusing at best.

  • by fibbery on 7/31/2013, 10:57 PM

    Just because someone leaves their car door unlocked and you tell them about it, doesn't mean they are obligated to give you any of its contents.

  • by lukeman on 8/1/2013, 12:14 AM

    You got my hopes up that we'd finally be able to audit Bittorent Sync.

  • by GBiT on 7/31/2013, 10:48 PM

    You have to be proud of yourself for not abusing it no mater how they responded. You did right thing here. Hope Bitorrent Inc will fix this misunderstanding.

  • by 0x0 on 8/1/2013, 12:26 AM

    If one guy could accidentally stumble upon this, what are the chances others have too? Would it be possible or even likely that the source code or binaries or web servers or private keys have already been compromised or trojanized?

  • by EasyCo on 8/1/2013, 3:59 AM

    Some thoughts: From the perspective of the company, what kind of financial impact would they have suffered should that information have fallen in different (malicious) hands? Providing an adequate award not only shows appreciation but it sets a precedent should something similar happen again. The 'finder' who might otherwise usually go the malicious route will be more likely to do as MentalL has.

  • by on 7/31/2013, 11:11 PM

    undefined

  • by mrlinx on 8/1/2013, 12:45 AM

    By submitting this information to BT, he indeed closed a access point to all this data, thus reducing the likelyhood of it being badly used. Isn't this exactly why bounties were created? Because its better to give a few bucks and increase the system's security than to have it compromised for worse costs.

  • by hack_edu on 7/31/2013, 10:55 PM

    Stay classy!

  • by on 7/31/2013, 11:18 PM

    undefined

  • by jongraehl on 8/1/2013, 4:29 AM

    It's not the amount of money so much as the "so invoice us" attitude.

  • by jheriko on 8/1/2013, 12:30 PM

    whilst i agree they are ungrateful and inept i can't help but notice that you want a reward for doing the right thing?

    get over it... life isn't this nice, you are entitled to nearly nothing. deal.

  • by on 7/31/2013, 11:07 PM

    undefined