Hacker scores $5,000 payday for finding address bar flaw in Chrome and Firefox
Developers can’t find every bug themselves, so they use bug bounties to encourage hackers to help them keep programs secure.
While developers do their best to ensure the programs and apps they make are secure when they’re released, it’s often impossible for a team to find every bug. That’s why bug bounties exist, as a way to reward users who help developers find security flaws in the programs we use every day. It’s also why Rafay Baloch is currently $5,000 richer.
Baloch recently discovered a vulnerability in the way Chrome and Firefox render website addresses, which allowed attackers to send users to spoof websites that appear to be real but are actually elaborate frauds. The vulnerability was caused by the browsers flipping web addresses that are written right-to-left, which is how some languages, such as Arabic, are read.
According to Baloch’s example, if a user were to input 127.0.0.1/I/http://example.com, the browser would display it as simply http://example.com/i/127.0.0.1, while still sending the user to 127.0.0.1/i/http://example.com. This allowed scam artists to trick users into visiting spoof sites that use the guise of official domains.
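A check a mail gateway or proxy could run on links to catch the pattern described above, as an added example that is not from the article or from Baloch's report. It assumes the reordering is triggered by a strong right-to-left character, such as Arabic alef (U+0627), in the path; the sample URLs and function names are constructed.

```python
import ipaddress
import re
import unicodedata
from urllib.parse import urlsplit, unquote

# Bidi classes that make a browser lay text out right-to-left.
RTL_STRONG = {"R", "AL"}
BIDI_CONTROLS = {"RLE", "RLO", "LRE", "LRO", "PDF", "RLI", "LRI", "FSI", "PDI"}
HAS_SCHEME = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*://")
EMBEDDED_URL = re.compile(r"https?://", re.IGNORECASE)


def bidi_findings(url):
    """Return reasons why a URL may be displayed differently from how it is parsed."""
    if not HAS_SCHEME.match(url):
        url = "http://" + url  # address-bar input typed without a scheme
    parts = urlsplit(url)
    host = parts.hostname or ""
    # Everything after the host, percent-decoded as the address bar shows it.
    tail = unquote(parts.path + "?" + parts.query + "#" + parts.fragment)

    findings = []
    classes = {unicodedata.bidirectional(ch) for ch in tail}
    if classes & RTL_STRONG:
        findings.append("rtl-char-after-host")
    if classes & BIDI_CONTROLS:
        findings.append("bidi-control-after-host")
    if EMBEDDED_URL.search(tail):
        findings.append("url-embedded-after-host")
    try:
        ipaddress.ip_address(host)
        findings.append("ip-literal-host")
    except ValueError:
        pass
    return findings


def looks_like_bidi_spoof(url):
    """Flag the pattern from the article: RTL text followed by a decoy URL."""
    found = set(bidi_findings(url))
    reordering = {"rtl-char-after-host", "bidi-control-after-host"} & found
    return bool(reordering) and "url-embedded-after-host" in found


if __name__ == "__main__":
    # Constructed samples; U+0627 (Arabic alef) is an assumed RTL path segment.
    for sample in ("127.0.0.1/\u0627/http://example.com",
                   "http://127.0.0.1/%D8%A7/http://example.com",
                   "http://example.com/i/index.html"):
        print(looks_like_bidi_spoof(sample), bidi_findings(sample))
```

The real destination is always the host that `urlsplit` reports, so a flagged link should be shown or logged with that host rather than with the rendered string.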
According to Baloch, the issue will be resolved when Chrome 53 and Firefox 48 are released. In the meantime, let Baloch’s windfall be your inspiration. If you’ve got the skill to discover a bug, it could pay off in more than just a pat on the back for making the world a better place. It could land you cold hard cash.
John-Michael Bond is a tech reporter and culture writer for Daily Dot. A longtime cord-cutter and early adopter, he's an expert on streaming services (Hulu with Live TV), devices (Roku, Amazon Fire), and anime. A former staff writer for TUAW, he's knowledgeable on all things Apple and Android. You can also find him regularly performing standup comedy in Los Angeles.