Researcher Who Found macOS Keychain Exploit Shares Details With Apple, Despite No Bounty

After a Germany-based security researcher last month claimed to have identified a macOS security workaround to access passwords and user information stored in Keychain, he says he’s reversed his position on sharing that information with Apple, 9to5Mac reported Wednesday.

Internet Mob Descends Upon Facebook Page of Company That Snitched on Innocent Hacker

If you’re looking for a lesson in how not to respond to bug reports, look no further than Budapest, where the city’s public transit system is getting savaged on Facebook for snitching on a security researcher who discovered a flaw in its online ticketing site.

Pokémon Go Desperately Needs a Bug Bounty System

This past weekend, many Pokémon Go gyms were rendered unplayable. Players trying to battle at sites like Big Ben were greeted not by a ‘mon but by an egg that glitched the game, protecting these gyms from being defeated. Eggs appeared in New York City, London, and elsewhere, and almost all of them were placed there by the same person.

Win Up to $25,000 for Spending All Day on Pornhub (If You Can Spot a Bug)

Even the dirtiest of sites need to be hosed down every now and again. Pornhub’s launched its own bug bounty scheme, and is offering between $50 (£35) and $25,000 (£17,270) to anyone disengaged enough with the on-screen sexing and whatnot to spot a vulnerability on the site.

A 10-Year-Old Hacked Instagram

Some kids save up pocket money to buy an Xbox. Jani, a 10-year-old Finnish boy, decided to hack Instagram, and now he’s $10,000 richer.

The Pentagon’s Rewards Program for Hackers Has a Bizarre Loophole

The US Department of Defense launched a new programme last week, “Hack the Pentagon,” to reward hackers for pointing out security flaws in some of its public-facing websites. It’s a bug bounty, the same kind of programme that most big tech firms use to encourage hackers to help instead of harm. The programme budget is $150,000 (£106,026), so rewards will be small, especially compared to private bounties.

Company Offers $1m for iOS Hack, Will Probably Sell it to Governments

A cleverly named security company has a clever idea. Zerodium will pay you $1 million if you find a zero-day exploit in iOS 9. Then, if history is any indicator, it will turn around and sell that intelligence to government intelligence agencies.

Some Guy Figured Out How to Delete Every Photo on Facebook

A security researcher recently made a seriously startling discovery. With just four lines of code, he could delete any photo album on Facebook. Zuck's wedding photos? Zap. Jessica Alba's profile pics? Gone. Your graduation album? Lost forever. Lucky for you, he decided to report the bug to Facebook, which promptly cut him a check.