Komentar Terbaru

    Great! This Student Discover Google Vulnerability, Get More Rewards

    illustration

    Google makes such a program prize money to people who find vulnerabilities or deficiencies in Google products and services. This needs to be done by Google, in order to improve Google’s services and features. One of the most recent vulnerability finds was found by a high school equivalent school boy in Uruguay named Ezequiel Pereira, who managed to get a gift from Google for $ 10,000 (equivalent to Rp 133 million).

    Security researchers, both professional and amateur, have managed to find a number of vulnerabilities and bugs in Google’s programs and services over the years. Google publishes a report at any time and then announces how much money has been paid, and what products or services the bug found and the severity of the bug.

    This program is helpful in helping Google find and perform high-level squash bugs. It also prevents irresponsible parties from obtaining confidential information and obtaining confidential information about Google, its partners, or even its service users.

    Ezequiel Pereira succeeded in finding a simple but very dangerous bug and potentially destroying Google services because outsiders log onto their internal intranets. This hacking basically consists of changing around the host header for a specific set of URLs and just trying different domains until the right combination is found to let an attacker in without error or security checks.

    Using a penetration penetration tool called Burp, Ezequiel Pereira finds that combination and goes to “yaqs.googleplex.com”, a site inside Google’s internal intranet that happens to be connected to the internet, and positioning Google services to be vulnerable and insecure. Pereira can pass various URLs quickly, and try them out from different hostnames declarations. There is no real exploitation used here. Pereira just says that he accessed the site from within Google, and the site instantly “trusted” it.

    This appears to be a harmless page that contains categorically organized information about Google departments and services. When Pereira is in a file labeled as “secret”, he immediately submits a report to Google. Google contacted Ezequiel Pereira after seeing this problem in depth, and has found that Pereira’s methods could ultimately lead an attacker to go somewhere on the Google intranet where they could potentially find customers’ personal information.

    And when Ezequiel Pereira knew that Google had rewarded him with such a great gift, with the innocent spirit of high school boys why did his rewards be so great? Google responded that the vulnerability discovered by Ezequiel Pereira was the answer.

    Source: AndroidHeadlines

    No comment yet

    Leave a Comment >

    Leave a Comment

    Your email address will not be published.
    Required fields are marked *

    Back to top ^

     
     

    Swipe left/right for previous/next post