Slack and manding shy girl sex videoits scores of desktop app users just dodged a major bullet.
The communications tool relied upon by journalists, tech workers, and D&D fans alike disclosed on Friday a "critical" vulnerability — now fixed — that would have let hackers run wild on users' computers. Slack's internal security team didn't even find the bug; rather, it was a third-party security researched who reported it, through the bug bounty platform HackerOne in January.
Notably, the exploit allowed for something known as "remote code execution," which is just as bad as it sounds. Before Slack fixed it, an attacker using the exploit could have done some pretty wild stuff, such as gaining "access to private files, private keys, passwords, secrets, internal network access etc.," and "access to private conversations, files etc. within Slack."
What's more, according to the disclosure, maliciously inclined hackers could have made their attack "wormable." In other words, if one person in your team got infected, their account would automatically re-share that dangerous payload to all their colleagues.
It's worth emphasizing that the security researcher who discovered this vulnerability — a process that takes untold hours of work and is a literal job — decided to do what many would consider the right thing and report it to Slack via HackerOne. For the security researcher, whose HackerOne handle is oskars,this resulted in a bug bounty payment of $1,750.
Of course, had that person wanted, they could have likely gotten much, much more money by selling it to a third-party exploit broker. Companies like Zerodium, which offer millions of dollars for zero-day exploits, in turn sell those exploits to governments.
Members of the computer security community were quick to point out the relatively paltry payout for such an important bug.
This Tweet is currently unavailable. It might be loading or has been removed.
This Tweet is currently unavailable. It might be loading or has been removed.
This Tweet is currently unavailable. It might be loading or has been removed.
We reached out to Slack in an effort to determine how it decides the size of its bug bounty payments, and whether or not it had a response to the criticism levied by members of the security community. In response, a company spokesperson replied that the amount Slack pays for bug bounties is not fixed in stone.
"Our bug bounty program is critical to keeping Slack safe," the spokesperson wrote in part. "We deeply value the contributions of the security and developer communities, and we will continue to review our payout scale to ensure that we are recognizing their work and creating value for our customers."
The spokesperson also noted that the company "implemented an initial fix by February 20."
SEE ALSO: 7 Slack privacy settings you should enable now
Interestingly, Slack does appear to have upped the amount it's willing to pay bug bounty researchers for coordinated disclosure. A look at its HackerOne profile page shows that, as of the time of this writing, reporting a remote code execution vulnerability would merit "$5000 and up."
Too late for oskars, but perhaps that will encourage the next security researcher who discovers a critical vulnerability in Slack to report it to the good guys. We should hope so, for the sake of Slack users everywhere.
UPDATE: Aug. 29, 2020, 1:49 p.m. PDT: This story has been updated to include Slack's statement.
Topics Cybersecurity
‘Conscience and the Constitution’ Carried Nationwide in May on Comcast Video
Charli xcx's 'brat' turns the internet lime green
Atlanta Hawks vs. New York Knicks 2024 livestream: Watch NBA online
Uber offers free rides and tickets to 'Inside Out 2'
saffee and insani power MIBR to semis over M80
Best free online courses from MIT in June 2024
Shop Staub, Ninja, Cuisinart during Walmart+ Week
ChatGPT with Siri integration is now live for iPhone, iPad, and Mac
JA Living Legacy/Nikkei Writers Guild’s Inaugural Banquet
Golden State Warriors vs. Houston Rockets 2024 livestream: Watch NBA online
Higashi Honganji Obon Slated for July 27
How to thank your Amazon driver for free
NYT mini crossword answers for December 12
Does Tinder notify about screenshots?
Rare Atom overcome TYLOO to qualify for EPL S16 Conference
Wordle today: The answer and hints for December 11
Best Amazon Prime deal: Sign up for five months of free Amazon Music Unlimited
Get an Apple Watch Series 9 for $100 off at Amazon
ADL to Sponsor Talk on Asians in Media
Best portable air conditioner deals —?June 2024
Tom Hanks shares photo of his plasma donation for coronavirus researchWe put up a billboard inviting the world to our housemate's Zoom birthday partyCoronavirus cases would dwindle if 80% of Americans wore masks, says studyUPS, CVS to use drones to deliver prescriptions to retirement communityLumen claims to 'hack' your metabolism. I put it to the test.Here are the 13 best tweets of the weekCloser in quarantine: How some friends and families are actually connecting more in isolationLil Nas X found the perfect way to troll with Twitter's new featureApple to let users automatically share Medical IDs on emergency callsElon Musk and Grimes' baby name choice set the internet off Elon Musk's pile of money is now bigger than Bill Gates's pile of money 11 ways to virtually visit Santa this holiday season Mads Mikkelsen confirmed as 'Fantastic Beasts' franchise's new Grindelwald It's time to suck it up and start doing Zoom happy hours again Microsoft waters down 'productivity score' surveillance tool after backlash Twitter will now warn you before you like a tweet with a fact It's time to reexamine 'X Netflix's 'Jingle Jangle' is pure Christmas joy: Movie review There's no shame in not finishing a video game Bitcoin is on the verge of surpassing its all
0.1641s , 12398.46875 kb
Copyright © 2025 Powered by 【manding shy girl sex video】Slack fixes major vulnerability that left desktop users open to attack,Global Hot Topic Analysis
