Security Vulnerability Researching Acknowledgements
Security researching relates to exploring for vulnerabilities and exploits within websites with the sole intent of discreetly reporting these vulnerabilities to the company, with the aim of protecting the user base as well as the company. As security and malware are strong interests of mine, security researching is an incredibly practical source of knowledge, as well as being increasingly rewarding with each particular vulnerability I find and potentially the number of users I’m able to keep protected by doing so.
Finding these vulnerabilities within massive company sites such as Microsoft and Apple, as well as the others mentioned below, all of which support huge IT teams constantly updating and protecting the various services they offer for users, is a challenging and time-consuming hobby. They’re usually found when the code written isn’t secured properly and can be manipulated. Securing code is standard practice in this day and age; however, mistakes are still a rarity but not improbable.
I’ve developed this knowledge about vulnerabilities and their consequences from various white hat hacking forums (essentially hackers who solely operate to protect users, as opposed to being malicious in their intent), and with this knowledge I know exactly how crafty and discreet malicious hackers can be with their malware and the ways they target their victims. Firewalls and antivirus software don’t detect malware that has been obfuscated effectively, leaving the user with a false sense of security, and in reality they’re completely unaware they’re even infected.
As you could imagine, these vulnerabilities range in severity as well as in the consequences that could potentially happen from them. The majority of the vulnerabilities I’ve found, which I’ve listed below, are focused on users being the primary target.
I’ve also done a lot of work investigating local companies and organisations, such as Optus, Telstra, The Herald Sun and RMIT, to develop my knowledge.
I also took a hiatus from 2014 through to mid-2016 to focus on my studies, which is why there is a lack of acknowledgements up until now. Below are the different acknowledgements I’ve received, which support an online security researcher hall of fame in which I’ve been mentioned.
| Company | Vulnerability Type | Security Researcher Acknowledgement URL | Date |
|---|---|---|---|
| Microsoft | Cross-site Scripting (XSS) | https://technet.microsoft.com/en-us/security/cc308575.aspx | October 2012 |
| Adobe | Cross-site Scripting (XSS) | https://helpx.adobe.com/security/acknowledgements.html | May 2013 |
| Apple | Cross-site Scripting (XSS) | http://support.apple.com/kb/HT1318 | June 2013 |
| Oracle | Cross-site Scripting (XSS) | http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | July 2013 |
| AT&T | Cross-site Scripting (XSS) | https://bugbounty.att.com/hof.php | July 2013 |