Anand Meyyappan, an M.Tech information security student at Pondicherry Engineering College, has become a new star of sorts in the cyber world after he spotted and fixed bugs in leading websites and applications of giants such as Google, Facebook and Yahoo.
Leading cyber companies such as Google, Facebook, PayPal and Yahoo have a skilled security team test their websites before making them live. Apart from that, they run vulnerability reward programs open to all researchers and hackers. If a hacker or a researcher finds a vulnerability in any of the sites, the company rewards them with a bounty based on the severity of the bug. Sharing his success story, Mr. Anand said, “I tried to find the bugs in their website by testing their security features. Some companies provided a reward bounty while other companies thanked the researchers in their hall of fame page.”
Acknowledging his vulnerability findings, Mediafire, Microsoft, Google, Facebook, Twitter, Giftcards, Nokia, eBay, AT&T, Red Hat, Barracuda Labs, and Adobe rewarded him with cash bounties.
Mr. Anand said that at Microsoft, the vulnerability was on the Skype homepage. It was a cross-site scripting (XSS) vulnerability by which a user’s session could be hijacked or a user could be redirected to a web page. Later, the hacker could access the victim’s login credentials with some social engineering techniques.
Mr. Anand said there was a vulnerability called CSRF (cross-site request forgery) in Giftcards.com. “I could take over anyone’s Giftcards account. The CSRF vulnerability can make a victim click a URL link through which his password and email could be changed by me. I can take over anyone’s account and their account balance (when a victim clicks a link, a POST request would be sent to the web server to change the victim’s email and password to the attacker’s choice). They fixed this vulnerability by taking a proper countermeasure to validate the source of the request and gave me a reward of US$3600.”
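The countermeasure mentioned above, validating the source of a state-changing request, can be sketched as follows. This is an added example, not code from Giftcards.com or from the article; the origin `https://shop.example`, the key and all function names are hypothetical, and it goes slightly beyond the article by pairing the Origin/Referer check with a session-bound token.

```python
import hashlib
import hmac
from typing import Optional
from urllib.parse import urlsplit

# Constructed values for illustration only (assumptions, not from the article).
SECRET_KEY = b"constructed-demo-key"
ALLOWED_ORIGINS = {"https://shop.example"}


def issue_csrf_token(session_id: str) -> str:
    """Token bound to one session; the site embeds it in its own forms."""
    return hmac.new(SECRET_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def request_origin(headers: dict) -> Optional[str]:
    """Return scheme://host[:port] from Origin, falling back to Referer."""
    raw = headers.get("Origin") or headers.get("Referer")
    if not raw:
        return None
    parts = urlsplit(raw)
    if not parts.scheme or not parts.netloc:
        return None  # covers the opaque "null" origin as well
    return f"{parts.scheme}://{parts.netloc}".lower()


def allow_state_change(method: str, headers: dict,
                       session_id: str, form: dict) -> bool:
    """Decide whether an email/password change request may proceed."""
    # State changes must never ride on a plain link click (GET).
    if method != "POST":
        return False
    # 1. Source check: the request must originate from the site itself.
    #    Exact match, so look-alike hosts with the same prefix are rejected.
    if request_origin(headers) not in ALLOWED_ORIGINS:
        return False
    # 2. Token check: a forged cross-site form cannot read the victim's token.
    expected = issue_csrf_token(session_id).encode()
    supplied = str(form.get("csrf_token", "")).encode()
    return hmac.compare_digest(expected, supplied)
```

A request with neither an Origin nor a Referer header is rejected here; a site that must accept such clients would rely on the token check alone.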
“At Google and Facebook, I found the information disclosure vulnerability and Facebook sent a US$500 reward. Google congratulated me and sent me US$100, and published my name in their hall of fame page,” he added.