April 6th, 2021

(no subject)

A trending link on Hacker News is to a blog post by a guy who checked GitHub Pages for security vulnerabilities, found some high-risk ones, and received $35,000 in bug bounty money. The guy identifies as a security researcher and a programmer. He was also, at the time of discovering those vulnerabilities, a high-school student, 17 years old or thereabouts.

GitHub's bug bounty program had been announced on the site called HackerOne, so I looked it up. There are some educational materials for would-be hackers there, among which I found a charming video about looking for front-end vulnerabilities, which gives an interesting insight into a hacker's mind. The host of that show, a self-identified hacker, admits about himself (at around 9:25) that he is a "non-code person". He also doesn't seem to have ever worked with browser dev tools — instead, he's been using something called Burp for hacking.