Orange site discussion:
https://news.ycombinator.com/item?id=38245935
In the last decade there has been a rise in bug bounty programs where people report bugs they find for money. Along with that, though, come beg bounties, usually 'bug' reports sent by third worlders (mostly from India) who report bugs, like minor misconfigurations in DMARC or a missing CSP which have no impact on security, or just something as low effort as saying they can view the source code of your website...
A typical beg bounty email will look something like this:
https://twitter.com/troyhunt/status/1456944042353172487
And all these low effort bug reports to website owners demanding money end up drowning out any which might be legitimate.
We got a few of these at my workplace. Some have been tempted to respond by sending them a phishing email, but legal said we couldn't.
range-ban the street shitterz