UNITED AIRLINES PAYS MAN A MILLION MILES FOR REPORTING BUG
Two months after United Airlines launched a bug-bounty program to reward researchers who report flaws in the company’s web site and apps, a researcher has received 1 million air miles in the first reward given.
After submitting information to United about a remote-code execution flaw in the airline’s web site, Jordan Wiens was awarded his mileage last week. It was the first time Wiens, owner of the Florida-based security firm Vector 35, had submitted to a bug-bounty program.
United is the first airline to launch a bug bounty program. The company announced the program in May, after receiving harsh criticism for banning a security researcher from one of its flights.
United offers bounty submitters only air miles as a payout, rather than cash, as most vendor bug bounty programs do. The amounts paid by other bounty programs can vary between $500 and $250,000. The cash value of the 1 million miles Wiens received is about $25,000.
The miles United will pay out depend on the type of bug reported. The airline will award 50,000 miles for cross-site scripting bugs, for example. An authentication bypass bug can earn 250,000. But remote-code execution flaws—which allow an attacker to remotely run whatever malicious code they want on a vulnerable web site or system—earn the top payout.
“There were actually two bugs that I submitted that I was pretty sure were remote code execution, but I also thought they were lame and wasn’t sure if they were on parts of the infrastructure that qualified,” Wiens told the ThreatPost security blog. “My expectation was that they counted, but I figured they’d award me 50,000 miles or something smaller.”
Instead, after confirming he was a US citizen and that his research was done in the US, United told him to check his mileage account, where he discovered the massive deposit.
IS CYBER-ARMAGEDDON UPON US? 3 GLITCHES TODAY HAVE SOME SAYING YES
A trio of cyber incidents this morning had some people seeing cyberarmageddon. We’re looking at you, Senator Bill Nelson (D-Florida).
Following reports this morning that United Airlines had grounded all of its flights worldwide due to a computer problem, and that the New York Stock Exchange had also halted all trading due to its own digital problem, there were some who wondered mildly whether the two were connected in some way. But then the Wall Street Journal web site also went down and the good senator tweeted that the three together had the makings of a major cyberattack. Though he also used the events as an opportunity to push passage of a flawed cybersecurity bill that he supports.
Three major computer malfunctions on same day give appearance of an attack, serve as reminder Congress must pass a cybersecurity bill
— Bill Nelson (@SenBillNelson) July 8, 2015
So far there’s no evidence any of them are the result of an attack. United Airlines has only said the problem was “an automation issue”—though it said the same thing last month when it called another nationwide grounding. In that case, several passengers tweeted that they were told the problem was an issue with bogus flight plans being sent to the airline’s computers.
The New York Stock Exchange said in a tweet that it halted trading due to an internal technical issue that “is not the result of a cyberattack.”
The White House and DHS even weighed in, saying there was no sign that any of the three incidents involved a hack.
But the conspiracy theories aren’t likely to die, particularly in light of a curious note the hacking group Anonymous tweeted the night before:
Wonder if tomorrow is going to be bad for Wall Street…. we can only hope.
— Anonymous (@YourAnonNews) July 8, 2015
HERE’S WHAT DELAYING ALL UNITED FLIGHTS DOES TO US AIR TRAFFIC
After grounding all of its domestic flights this morning over what it’s calling an “automation issue,” United Airlines is putting aircraft in the air again. But you can’t just stop hundreds of flights without a major ripple effect across the system.
That’s what FlightAware’s “Misery Map” shows here. You can see how delays move through the US system over the past few days. Today’s spike is hitting Chicago’s O’Hare International Airport, a United hub, especially hard.
GROUNDED UNITED FLIGHTS MEAN MONSTER LINES AT O’HARE
Earlier this morning, United Airlines grounded all of its US flights due to what it’s calling an “automation issue.” The order’s been lifted and planes are taking off again, but when you stop hundreds of flights for any period of time, you get massive delays that ripple across the system.
And that means beastly lines like this one at Chicago’s O’Hare International Airport, which isn’t a fun place to be in the best of times:
The joy that is O'Hare right now during this @united debacle. #Grounded#Ohare #Airport #ComputerGlitch pic.twitter.com/ls6N6X35G8
— Andrew Lahey (@colormelahey) July 8, 2015
REMINDER: THIS IS THE 3RD TIME IN A MONTH AIRLINE FLEETS HAVE BEEN GROUNDED
Today, United Airlines grounded all its domestic flights over an “automation issue” with its computer system. United had to ground its domestic fleet last month, too. Passengers aboard affected flights indicated then that it had to do with bad flight plans being automatically uploaded to pilots. Then later in June, a Polish airline was hit with what seemed like the exact same problem.
No word yet on whether today’s automation issue is also related to flight plans, but as our coverage of the earlier instances suggests, the universal flight-plan protocol is an easy target for tampering.
Here are our full stories on those earlier groundings.
All U.S. United Flights Grounded Over Mysterious Problem
On June 6, all United Airlines flights in the US were grounded for nearly an hour over “dispatching information.”
Though United never indicated the exact cause for the grounding, tweets from onboard passengers suggested it had to do with faulty flight plans.
All Airlines Have the Security Hole That Grounded Polish Planes
Takeaway from our analysis? The problem is systemic.
Kim Zetter writes of the Polish airline incident: Although Polish authorities haven’t provided details about what occurred with the flight plans in that case, the problem with both the LOT planes and United may very well be the protocol for delivering flight plans: It doesn’t require authentication.
However, don’t freak out. Though the problem is troublesome, it is not a safety issue. We repeat: it is not a safety issue.
UNITED AIRLINES FLIGHTS GROUNDED ACROSS THE US…AGAIN
Around 9 a.m. Wednesday, the FAA announced that United Airlines has grounded all flights in the United States over what it is calling “an automation issue.”
United Airlines is down. This is the line at LAX terminal. People basically waiting with no information. @myfoxla pic.twitter.com/RDYPc2BdlP
— Mario Ramirez (@MarioFOXLA) July 8, 2015
Last month, United grounded all domestic flights after what appeared to be an issue with faulty flight plans being uploaded to pilots.
BREAKING: United Airlines flights on regional partners no longer affected by grounding: FAA
— Reuters Top News (@Reuters) July 8, 2015
Flight delays are expected throughout the day. We’ll follow up with more news as we have it.