Mumbai: An Indian white hat hacker has been awarded $10,080 (Rs 6.8 lakh approximately) by micro-blogging website Twitter for discovering a security flaw related to its video sharing service Vine.
Happiness is this !!!
— {{ avicoder }} (@avicoder) April 2, 2016
Write-up is coming soon at https://t.co/JbmlhNVzc0 ... pic.twitter.com/phEnaPt39W
According to Hacker News, Avinash Singh, was responsible for discovering the flaw which rendered Twitter’s complete Vine source code publicly available. Twitter had started Vine in 2012 as a shot-video sharing platform where users can share six-second-long looping video clips.
The report pointed out that Singh was able to discover a Docker image for Vine using nifty Internet-wide scanning tool Censys.io. Docker, an open-cource container technology which helps run more apps on old servers, is gaining popularity among companies.
The Docker images used by Vine, as stated by Singh, were publicly available online instead of being private. Singh was able to download approximately 80 images but he only downloaded ‘vinewww’.
After downloading the images, he ran the docker image vinewww with an interactive shell, which helped him retrieve the full source code.
“I was able to see the entire source code of vine, its API keys and third party keys and secrets. Even running the image without any parameter, was letting me host a replica of VINE locally,” he said in his personal blog.
Bug bounty hunting has become a common online activity for copious white hat hackers in India who have actively taken part in various programmes initiated by social media giants. Recently, Anand Prakash, a Bangalore-based Flipkart employee, was in the news for discovering a Facebook bug.
While foreign companies are welcoming white-hat hackers and cyber security personnel to rectify service flaws and glitches under lucrative bounty programmes, Indian companies still continue to ignore cyber security issues.
