...É um programa ou um teste em que vc deve invadir ou encontrar alguma falha no Mega.co.nz..
What types of bugs qualify?
- Remote code execution on any of our servers (including SQL injection)
- Remote code execution on any client browser (e.g., through XSS)
- Any issue that breaks our cryptographic security model, allowing unauthorized remote access to or manipulation of keys or data
- Any issue that bypasses access control, allowing unauthorized overwriting/destruction of keys or user data
- Any issue that jeopardizes an account's data in case the associated e-mail address is compromised
What types of bugs do not qualify?
- Any issue requiring active victim participation, such as phishing and social engineering attacks
- Any issue resulting from users choosing weak passwords
- Any issue requiring a very significant number of server requests to exploit
- Any issue requiring a compromised client machine
- Any issue requiring an unsupported or outdated client browser
- Any issue requiring physical data centre access (see below for limited scope scenarios that allow for compromised servers)
- Vulnerabilities in third party-operated services (e.g. resellers)
- Any overloading/resource exhaustion/denial of service-type of attacks
- Anything relying on forged SSL certificates
- Anything requiring extreme computing power (2^60 cryptographic operations+) or a working quantum computer. This includes allegedly predictable random numbers — you qualify only if you are able to show an actual weakness rather than general conjecture.
- Any bugs that are unrelated to the integrity, availability and confidentiality of user data
- Any claims that reading and understanding our JavaScript code is successful cryptanalysis in itself — while it may be cryptic, it is notencrypted
0 comentários:
Postar um comentário