Popular Posts

Friday, 18 August 2017

Forget Special Glasses—For the Best Views of the Eclipse You Just Need a DIY Pinhole

Forget Special Glasses—For the Best Views of the Eclipse You Just Need a DIY Pinhole

I was in middle school the last time a major solar eclipse passed over my hometown. Some teachers supplied us with glasses and others helped us build viewers from cereal boxes, and we went outside for the big moment. It was okay, I guess. But when I got home, my mother told me how she saw the eclipse.

She told me that she stepped outside with her co-workers, and ended up sitting by a tree. And she noticed the shadow of its leaves on the ground. Everywhere there was a little gap between the leaves, each spot of light was in the same crescent shape as the eclipsed sun.

And if you’re caught outside without any equipment at all, just cross your fingers—literally, with a tiny bit of daylight in between them—and take a look at your shadow. Like the guy in the image, you’ll be holding an eclipse in the palm of your hand.

Copied from Lifehacker

How to Earn Money as a Bug Bounty Hunter

How to Earn money as a Bug Bounty hunter

Are you a coder or white-hat hacker looking to make some money on the side? Bug bounty hunting might be the perfect gig for you.

What Is Bug Bounty Hunting?

Bug bounty hunting is being paid to find vulnerabilities in software, websites, and web applications. The security teams at major companies don’t have enough time or manpower to squash all the bugs they have, so they reach out to private contractors for help. Basically, you use your tools to break things (or break into things), write up a vulnerability report to the company who’s issued the bounty, then get paid. Some hackers make tens of thousands of dollars a year on the side just hunting bugs.

To do it, however, you’ll need to at least know some basic coding and computer skills. Fortunately, Lifehacker has tons of great resources to help get you started, and coding is pretty easy to teach yourself. That said, if you have no idea what any of this stuff means as you read on, bug bounty hunting probably isn’t for you.

Do Some Research and Get Your Tools

Once you’ve got a grip on basic coding, you need to take a deep dive into web applications and how they work. Lucky for you, there’s tons of great resources out there that can point you in the right direction. Start by reading:

The Web Application Hacker’s Handbook ($30)
OWASP Testing Guide v4

Then get the right tools. You’ll need:

Kali Linux (free)
Burp Suite ($349 a year, but very popular)
OWASP Zap (free alternative to Burp Suite)

Then check out the OWASP WebGoat lab, where you can practice finding bugs and vulnerabilities in web applications, and take a look at the Google Bughunter University as well. They have lots of great information bug hunting and how to write solid vulnerability reports that will get you paid. Sites like Bugcrowd and HackerOne can help with that aspect as well.

Find Bug Bounty Listings and Go Hunting

Once you’re armed with knowledge and the right tools, you’re ready to look for some bugs to squash. Companies will often have a link somewhere on their website offering bug bounties, but they can be hard to find. You’re better off checking a bounty board where hackers are reading publicly disclosed vulnerability reports and updating an active list on the daily. Like these:

HackerOne
Bugcrowd
Vulnerability Lab
Fire Bounty
HackerOne also offers Disclosure Assistance, which is a place where a hacker can report any vulnerability to any organization. Even if the organization doesn’t have a vulnerability program, they can contact them and deliver the report. It also helps to join a bug bounty hunter community forum—like those sites listed above—so you can stay up to date on new bounties and tools of the trade. To hunt bugs you also have to be willing to continually learn as you go. Web applications and bug hunting tools are constantly updating, so you need to be on the ball if you want to do things right.

Update: A representative of HackerOne reached out to note their “disclosure assistance” program. The text above has been updated with this information