Indian hacker Avinash discovers Vine’s source code; Twitter makes him $10,080 richer
Bug bounty has become a regular source of income for some techies in India. In another big reward, Avinash who is a known bug bounty hunter in the country has been paid as much as $10,080 for discovering a very important security flaw in Twitter’s Vine source code.
Avinash who has been known in the tech circles as an important bug bounty hunter in the country has been trying to find security flaws in major tech social media platforms and other companies including Google, Facebook and Twitter.
Twitter paid him as much as Rs 6.8 lakh when he sent them details about his finding. He plainly told the social media giant that Vine’s source code was publicly available and that if he wished he could put up a foolproof copy of Vine.
A report in the Hacker News claims that the Indian techie Avinash found a Docker image for Vine while looking for vulnerabilities using censys.io. Censys’ while introducing itself says, “Censys is a public search engine that enables researchers to quickly ask questions about the hosts and networks that compose the Internet.” Docker is a container that contains everything needed to run a piece of software, including code, system tools, libraries, etc.
Earlier this year on March 31, Avinash told the social media giant about the major security flaw, which was consequently fixed minutes after being informed. In return, Twitter rewarded Avinash $10,080, which is about Rs 6.8 lakh, for pointing out the flaw. It must be added here that the complete code for Vine was stored as part of a Docker image used to host the site. The server itself was on AWS (Amazon Web Services) and should have been private. Apparently this is not the first or the last reward for an Indian bug bounty hunter. There are some techies who have become crorepatis by doing it.