Computing

A Bug-Hunting Hacker Says He Makes $250,000 a Year in Bounty

He probably does, but you shouldn’t quit your day job.

by Michael Reilly August 22, 2016

It seems like easy money. If you like tinkering with software, some big players in the tech world have a job for you: bug bounty hunter. At least one hacker says he can clear $250,000 a year by doing something that “comes easily”: hunting down vulnerabilities in computer code and then letting the software’s owner know about it.

Bug bounty programs have been around since 1995, but they’ve really taken off in the last few years, after Google and Facebook launched their initiatives in 2010 and 2011. Microsoft, Samsung, Uber, and Tesla (which pays for bugs found in its cars’ software) all have cash-for-bugs schemes. Apple, which was a holdout until earlier this month—and faced criticism for it—now says it will pay up to $200,000 per bug, but you have to be invited. Even the U.S. government got in on the trend earlier this year, with its Hack the Pentagon program.

Secretary of Defense Ash Carter discusses the results of the “Hack the Pentagon” program.

It can seem like a dream career:

Finding a vulnerability or hack “feels exciting, because you are the first person in the world to discover it. It feels good to know that you are somewhere no one else has been,” said Francisco Correa, a 30-year-old bounty hunter who also works with HackerOne.

Correa, who has a beachfront apartment in Chile which he’s fitted out with fiber-optic Internet, began working four years ago with Google’s bug bounty program, and was quickly finding vulnerabilities for Adobe and Microsoft as well.

But the reality is a little more complicated. While a few white-hat hackers probably do laugh all the way to the bank, there is at least some testimony that suggests it’s anything but easy street. As the bug bounty boom was underway in 2014, for example, a post on Reddit gave the impression—both from a would-be bounty hunter’s perspective and a commenter who claimed to run a bug bounty program—of a scrappy, workaday existence that doesn’t pay very well. Less of a path to riches than a desk job in the gig economy.

The claim for the $250,000-a-year salary came from an article in the Guardian on Monday, which ran with the headline “Bounty hunters are legally hacking Apple and the Pentagon—for big money.” It follows the exploits of Nathaniel Wakelam, a 21-year-old who appears to earn a fortune working out of coffee shops.

He probably does. There are other eye-opening numbers as well. Wakelam says a 24-hour bug-hunting binge brought in $3,000, for example. Not bad for a day’s work. Facebook recently paid $10,000 for an Instagram bug—to a 10-year-old.

But the article also says that Bugcrowd, a third-party firm that helps connect companies with bug hunters, has gotten over 50,000 bug submissions in its three years of existence and paid out in excess of $2 million. That would be about $40 per bug submission, but only a small fraction of submissions result in payouts, and the company says the average is about $300. Enough, perhaps, for some money on the side, but it won’t leave many people rolling in dough.

(Read more: The Guardian, “Apple Opens Up iPhone Code in What Could Be Savvy Strategy or Security Screwup,” “Online and Self-Employed”)

Robotics

Prepare to be Underwhelmed by 2021’s Autonomous Cars

Ford, Uber, and BMW promise fully self-driving cars in five years—but they will probably only work in very limited areas.

by Tom Simonite August 23, 2016

BMW, Ford, and Uber have all recently said they plan to have “fully autonomous” cars ready to drive themselves on the road in 2021 (see “2021 May Be the Year of the Fully Autonomous Car”). Ford says its fleet of vehicles will lack steering wheels and offer a robotic taxi service.

But don’t expect to toss out your driver’s license in 2021. Five years isn’t long enough to create vehicles good enough at driving to roam extensively without human input, say researchers working on autonomous cars. They predict that Ford and others will meet their targets by creating small fleets of vehicles limited to small, controlled areas.

A Volvo SUV with automated driving technology developed by Uber.

“Probably what Ford would do to meet their 2021 milestone is have something that provides low-speed taxi service limited to certain roads—and don’t expect it to come in the rain,” says Steven Shladover of the University of California, Berkeley, who has worked on automated driving for more than 20 years.

Shladover says many media outlets and members of the public are overinterpreting statements from Ford and other companies that are less specific than they appear. The dream of being able to have a car drive you wherever you want to go in the city, country, or continent remains distant, he says. “It ain’t going to be five years,” says Shladover. “The hype has gotten totally out of sync with reality.”

Alain Kornhauser, a Princeton professor and director of the university’s transportation program, also expects 2021’s vehicles to be very restricted. “By then we may be able to define [a] ‘fenced’ region of space where we can in fact let cars out there without a driver,” he says. “The challenge will be making that fenced-in area large enough so that it provides a valuable service.”

The chief technologist on Google parent Alphabet’s self-driving car project said at MIT Technology Review’s EmTech Digital conference in May that he expected the vehicles to come to certain urban pockets first. He didn’t elaborate on how limited they would be, or how quickly it would be possible to expand their range.

One of the main reasons that Shladover and Kornhauser believe 2021’s robotic fleets will be more limited than some people expect is the difficulty that software has understanding the world.

Computers can react to things much faster than a human, and self-driving cars’ sensors can look in many directions at once. But software is at a significant disadvantage when it comes to interpreting what it “sees” to identify and understand objects and situations, such as a traffic cop gesturing in the road. Nor is software very good at planning how to deal with out-of-the-ordinary situations.

Jeffrey Miller, an associate professor at the University of Southern California, says figuring out how sensors limit the situations a vehicle can reliably handle on its own is one of the most crucial challenges for companies working on autonomous driving.

The crash earlier this year that killed a driver using a Tesla sedan’s Autopilot feature underlines the problem, says Miller. Tesla said the car’s sensors did not detect the side of the tractor trailer it ran into.

Because the real world and its roads are a complicated place, it will take a lot of testing to be sure that automated driving technology has run up against all the scenarios it needs to handle to be reliable, says Miller.

Weather is also a problem for automated cars. Rain, snow, and hail challenge the laser-based lidar sensors that many prototypes rely on to track their surroundings in 3-D, for example.

Professional Thermal Camera Drone – Flir A65

Professional Drones News

I've discovered this new made-in-Italy drone, which seems to satisfy radiometric features really well. The drone mounts a Flir A65 with a radiometric sensor and has the ability to record .fff files, where you can explore all radiometric image data.

I've seen a test in Bergamo, and the drone seems to satisfy all the promises. Once recorded, data can be edited with Flir Tools or with Horus Dynamics software. In comparison with other tested models, it seems to be the best of its category, especially for design.