Hacker Timesnew | past | comments | ask | show | jobs | submitlogin

"Bugs that are eligible for submission: ... The ability to brute-force reservations, MileagePlus numbers, PINs or passwords"

"Do not attempt: ... Brute-force attacks"

This seems contradictory. I assume the intent is to not allow DoS attacks (although they call that out separately further down the list)?



Not exactly.

Seems they're saying they'd accept a bug that can be caused by brute-force, but do not actually attempt a brute force yourself.

But yeah I'd guess they don't want intentionally invite a bunch of people to DoS the site.


Another interpretation is that, if you discover something similar to what Weev discovered, do not do what Weev did.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: