#HackTor: Tor Opens up its Bug Bounty Program

  /     /     /  
Publicated : 22/11/2024   Category : security


#HackTor: Tor Opens up its Bug Bounty Program


The popular identity-cloaking service has expanded its private, invite-only vulnerability discovery program to an open one via HackerOne.



The Tor Project has teamed up with HackerOne to invite hackers to find vulnerabilities in its online anonymization platform used by 1.5 million citizens, journalists, privacy advocates, and dissidents around the globe.
The
new public bug bounty program
expands on its two-year-old
invite-only bug bounty project
that doled out a total of $2,200 for seven vulnerability finds, including crash and denial-of-service and edge-case memory-corruption flaws. Under its new public bug bounty program, which Tor announced with the #HackTor moniker, Tor is offering up to $4,000 per bug find, depending on the severity and impact of the flaw.
Tor is hoping the program will help it root out some specific vulnerabilities in its Tor network daemon and browser software: local privilege escalation, unauthorized access of user data, leakages of crypto material of relays or clients, and remote code execution.
After experiencing the success of the private bug bounty program, were electing to open up our program to all hackers willing to comply with the scope of the program on an ongoing basis. The private bounty brought us quality bug reports and helped us fixing issues not only in software eligible under the bug bounty program, but also in other tools we produce or use, Tor browser team lead Georg Koppen said via an email interview.
Tors bug bounty is sponsored by the Open Technology Fund, an organization that supports Internet freedom initiatives worldwide. 
Alex Rice, co-founder and CTO of HackerOne, a bug bounty platform service, says many organizations start with a private bug-bounty program to get their feet wet. Tor made the decision rather than ramping up rewards to ramp up the number of hackers searching for vulnerabilities in its software, he says.
Over the past year and a half, Tor had begun inviting more hackers to its closed program and upping the amount of its awards to bug finders, Rice notes.
The stakes for vulnerabilities in a technology like Tor are so much higher than the average organization, Rice says. People using Tor are human rights advocates, privacy advocates, and individuals going to extremes to protect their privacy because often their lives are in danger if that privacy technology reveals them.
But the flip side to Tors popularity is that its also used by seedy elements of the Internet world: the infamous AlphaBay Darkweb underground marketplace, for example, which now has gone dark after a massive law enforcement operation, employed Tor to mask the identity of its participants.
Related Content:
Major Online Criminal Marketplaces AlphaBay and Hansa Shut Down
Best of Black Hat: 20 Epic Talks in 20 Years
Cybercriminals Regularly Battle it Out on the Dark Web
The Drug Dealer In Your Web Browser
 

Last News

▸ 7 arrested, 3 more charged in StubHub cyber fraud ring. ◂
Discovered: 23/12/2024
Category: security

▸ Nigerian scammers now turning into mediocre malware pushers. ◂
Discovered: 23/12/2024
Category: security

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
#HackTor: Tor Opens up its Bug Bounty Program