Uber Accused of Skipping Out of Paying Bug Bounties

With all the apps and systems that are used, created and updated every day it is often impossible for you to be absolutely certain about their security. This resulted in the creation of external help through schemes like bug bounties unless your Uber who change the scope of what bug bounties they’ll be paying.

Bug bounty schemes are simple. If you find a problem in the code or system that a company uses, you report it to the company running the scheme and if they find it was a problem, you get paid. Even Microsoft and GitHub run schemes to help narrow down and find problems with their software. The issue comes here is that only this week popular taxi alternative app Uber launched its own bug bounty scheme.

Sean Melia found a few issues or rather a few admin panels/ports that were open. This fell in line with what Uber wanted under the grouping of “publicly accessible login panels” and “exposed administration ports (excluding OneLogin)”. After reporting the first issue which was quickly accepted as a bug, Melia went about finding others resulting in the large group he ended up reporting. The problem was that by this time Uber had updated their documentation to make these reports invalid, without informing people using the scheme. Free security support anyone?

The reason for the change? Ubers security engineering manager, Collin Greene, has stated they changed the rules so that they stopped researchers wasting their time on minor bugs. Greene then stated that “a successful bug bounty rests on researchers trusting us to run it well, which we take very seriously”, something that may not go down so well when you are willing to change the goalposts without telling people.

Was Uber right in this case? Should they have acted differently? A problems a problem, even with a lesser payment, should Melia have received something given that he did the work under the old rules?

Apple To Replace 3TB Hard Drives In 2012 Model iMacs

We all love that little extra storage, some of us even need it. At the moment my hard drive is warning me that I’m running with less than 50GB free (game sales always do that), and some of us sometimes even end up upgrading our hard drives just in case we might need that little extra space. So what about those of you who brought a 3TB iMac between December 2012 and September 2013?

For those who bought an iMac in this period might want to take up Apple on their replacement scheme they’ve recently launched. If you take them up on the offer Apple will replace and transfer your data (if it’s possible) until December 19th or three years after the original sale (whichever ends later). It will also compensate people who have paid to replace a hard drive from the list of affected models.

So what’s affecting all these hard drives? Quite simply they are failing almost 44% of the time, almost five times that of the models released during the 2013 period a year before.

The graph above outlines the information that MacNN was able to report on, showing that with a 44% for a 3TB Seagate hard drive, a significant change from their normal failure rate.

If you are a Mac user and want to check if your iMac may be affected check out the replacement scheme located here, by entering your serial number you can check if your system may be affected by this problem.With the offer

With the offer available, even if you’ve yet to experience a problem with your machine I would recommend checking and taking them up on the offer if the problem does affect you. The last thing anyone wants is to lose their files and memories because of a bad hard drive.

Thank you MacNN for the information.

Image courtesy of Apple.

Club Nintendo Rewards Scheme to be Discontinued

Nintendo has announced that it will be closing its Club Nintendo rewards programme this September. The company said that it will close the scheme in stages, and that a new rewards programme will take its place.

Nintendo said in a statement that it will discontinue redemption codes included with physical copies of Nintendo games from April 1st and users will no longer be able to redeem points for digital download copies from April 20th. Users will still be able to redeem rewards until September 30th, following which all existing and unused points will expire. A new scheme will later be introduced.

Club Nintendo has been around in one form or another since May 2002, and started out as two separate schemes under the names of VIP 24:7 and Club Member. In 2007 both schemes were combined to form Club Nintendo, which has been offering free rewards in exchange for points ever since.

The scheme has proved popular amongst Nintendo fans, offering exclusive game soundtracks, toys, free games and other memorabilia.

Source: Nintendo