PayPal refuses to pay 17-year-old security researcher
When Robert Kugler reported a bug to PayPal, he was hoping to get paid as part of the company's bounty program. But the eBay-owned company rebuffed him. He was 17—underage.
On May 19, Kugler, a security researcher from Germany, notified PayPal of a cross-site scripting (XSS) flaw that would permit anyone who exploited it to steal sensitive information. For a site that deals in financial transactions, this is not an insignificant vulnerability.
According to PC World, eBay officials notified Kugler via email that because he was under 18, he was in violation of its guidelines for security researchers. It's worth noting the company's site doesn't actually mention the age restriction.
For his part, Kugler believes PayPal's actions are setting a bad precedent and that they'll only discourage others from finding and reporting vulnerabilities.
"It’s not the best idea when you're interested in motivated security researchers," he wrote in his report on security researcher site Seclist.org.
UPDATE: PayPal denies that Kugler's age was at issue. Actually, another researcher beat him to the punch. Here's the company's statement:
In this specific situation, the cross-site scripting vulnerability was already discovered by another security researcher, so [the bug] would not have been eligible for payment, regardless of age [of the researcher], as we must honor the original researcher that provided the vulnerability.
Photo via Liz Wise/Flickr
When this baby elephant collapsed, the rest of the herd knew what to do
Elephants never leave a friend behind.19k
Loving dog owner takes his dying best friend on a bucket list road trip
You've been a good boy, Poh. A good, good boy.10k
J.K. Rowling burned the Westboro Baptist Church so hard that it's not even funny
J.K. Rowling won't tolerate homophobes on Twitter.8.9k
Shaq plays Mortal Kombat X, does his thing
But which character did he pick?
Your definitive guide to the best robot butts
Thick, toned and metal.26