
Happened to me in a minor way with ASCII chat characters running down the search engine results page into other results.

I reported that you could use this to basically block out the SERP, and they said it wasn't a bug, then fixed it. I was hoping for a t-shirt at least.

Now I wish I had abused it and blogged about it for the resume.



I found a bug (not a security bug) in an apparel company's website allowing unlimited reuse of their £10 of vouchers. I reported it and got a free t-shirt :)


If you can exploit it to make economic damage, would that count as a security bug?


Taken to logical extreme, that would make any black PR or reputational attack a security vulnerability.

Infosec is certainly a hefty part of business continuity, but business continuity itself is a much wider topic.


I'd say it's a bug, but not a security bug.

Someone bragging about finding Zalgo in a SERP would not impress me when reading resumes.


You can still blog about it.


I agree with their assessment. No sensitive data's confidentiality or integrity was impacted, and no availability impact to users.


Their number one source of revenue (search engine results page) could be defaced.



