Updated June 29th, 2021 at 21:55 IST
Microsoft awards $30,000 to Delhi techie, Aditi Singh, for spotting bug in Azure system
Marking another technological genius, a 20-year-old ethical hacker from Delhi has won a bounty of $30,000 for spotting a bug in Microsoft’s Azure cloud system.
Advertisement
Marking another technological genius, a 20-year-old ethical hacker from Delhi has won a bounty of $30,000 for spotting a bug in Microsoft’s Azure cloud system. Just two months ago, Aditi Singh had uncovered a similar bug in Facebook and was awarded US$7,500 for the same. Singh is employed as a professional bug hunter, who is responsible for scrounging the web and scanning the systems for bugs or flaws through which hackers can sneak in. These professionals are awarded cash every time they hunt down a bug.
Lesser-known bug
According to Singh, both the companies had a remote code execution (RCE) bug, which was relatively new and lesser-known. The self-taught techie explained that through such bugs hackers could get into the internal systems and access the personal information of the users. Elaborating further, she said that Microsoft had only fixed the bug that she had discovered indicating that there could be other bugs present in the system. According to Aditi, both Microsoft and Facebook wrote the code directly whereas they should have first downloaded Node Package Manager.
Microsoft has only fixed the bug which I spotted two months back. They have not fixed all of them,” Singh told reporters adding that the tech giant took two months to respond as they were checking if anybody had downloaded its insecure version.
Got $30k bounty from Microsoft
— Aditi Singh (@aditi_singghh)
Bug type: RCE#bugbounty #msrc #Microsoft #cybersecurity #infosec pic.twitter.com/lzp1cjwSLT
Earlier this month, another Indian ethical hacker has been awarded Rs 22 lakh by Facebook for discovering malicious bugs on the Instagram app. Despite the profile being private, the discovered bug allowed anyone to view archived posts, stories, reels, and IGTV without following the user. Due to this bug, it would have been easy for the hackers to gain illegal access to private details like-- pictures, videos of users without following them. After the complaint, Facebook had now addressed the bug.
Facebook awarded Fartade 22 lakh (3000$) and said, "The report highlighted a scenario that could have allowed a malicious user to view targeted media on Instagram. This scenario would require the attacker to know the specific media ID. We have fixed the issue. We look forward to receiving more reports from you in the future", read the statement.
Image: RahulP2021/Twitter
Advertisement
Published June 29th, 2021 at 21:55 IST