When Robert Kugler reported a bug to PayPal, he was hoping to get paid as part of the company’s bounty program. But the eBay-owned company rebuffed him. He was 17—underage.
On May 19, Kugler, a security researcher from Germany, notified PayPal of a cross-site scripting (XSS) flaw that would permit anyone who exploited it to steal sensitive information. For a site that deals in financial transactions, this is not an insignificant vulnerability.
According to PC World, eBay officials notified Kugler via email that because he was under 18, he was in violation of its guidelines for security researchers. It’s worth noting the company’s site doesn’t actually mention the age restriction.
For his part, Kugler believes PayPal’s actions are setting a bad precedent and that they’ll only discourage others from finding and reporting vulnerabilities.
“It’s not the best idea when you’re interested in motivated security researchers,” he wrote in his report on security researcher site Seclist.org.
UPDATE: PayPal denies that Kugler’s age was at issue. Actually, another researcher beat him to the punch. Here’s the company’s statement:
In this specific situation, the cross-site scripting vulnerability was already discovered by another security researcher, so [the bug] would not have been eligible for payment, regardless of age [of the researcher], as we must honor the original researcher that provided the vulnerability.
Photo via Liz Wise/Flickr
Fidel Martinez is a web culture and politics reporter. His work for the Daily Dot focused on Reddit and YouTube.