Google rewards Rs 18 lakh to Indian hackers for discovering a bug
By MYBRANDBOOK
Two Indian hackers got a whopping $22,000, for spotting a security flaw in Google’s cloud program projects. They spotted a major server-side request forgery bug and subsequent patch bypass. The bug they found could have allowed someone to take control of someone else’s virtual machine with just one click.
The two hackers Sreeram KL and Sivanesh Ashok said that they were new to this platform and while they were exploring it, they found a problem in one of the features called “SSH-in-browser”. One of the hackers, Sivanesh Ashok said, “Since this was our first step into Google Cloud, we naturally stumbled upon one of the most popular products, Compute Engine. While exploring its features and how it works, I noticed SSH-in-browser. It is a feature in GCP that lets users access their compute instances, through SSH, via the browser. Visually, this interface looks very similar to Cloud Shell.”
The feature allows users to access their computer instances like a virtual machine through their web browser, using a protocol called SSH. After reporting this flaw, Google fixed the issue by adding a security feature called cross-site request forgery (CSRF) protection to the GET endpoints and improving the verification process of the domain.
The two hackers also spotted a bug in another Google cloud platform “Theia”, in which they found that the version of Theia they were using was not the latest one. They looked for vulnerabilities in this version and found multiple ones, but not all of them could be used to exploit the system. Some of them were removed from the installation or required unrealistic user interactions, such as uploading a file and then opening it, which made it difficult to exploit the system.
Download masked Aadhaar to improve privacy
Download a masked Aadhaar from UIDAI to improve privacy. Select masking w...
Sterlite Technologies' Rs 145 crore claim against BSNL rejecte
An arbitrator has rejected broadband technology company Sterlite Technolog...
ID-REDACT® ensures full compliance with the DPDP Act for Indi
Data Safeguard India Pvt Ltd, a wholly-owned subsidiary of Data Safeguard ...
Happiest Minds brings in an innovative GenAI chatbot
Happiest Minds Technologies has announced the new GenAI chatbot - ‘hAPPI...
LUMINOUS POWER TECHNOLOGIES PVT. LTD.
TAC SECURITY SOLUTIONS
HIMACHAL FUTURISTIC COMMUNICATIONS LTD.
TALLY SOLUTIONS PVT. LTD.
Technology Icons Of India 2023: Sunil Gupta
Sunil Gupta is the Co-founder, Managing Partner & CEO of Yotta Infrast...
Technology Icons Of India 2023: Ritesh Agarwal
Ritesh Agarwal Founder & CEO of OYO Hotels & Homes-World’s fastest g...
Technology Icons Of India 2023: Lt Gen (Dr.) Rajesh Pant (Retd.)
LT Gen(Dr.) Rajesh Panth (Retd.), National cyber security coordination...
PGCIL transforming India with its wide power transmission network
Engaged in power transmission, POWERGRID or PGCIL is a stated owned In...
EESL encouraging e-mobility adoption across India
Energy Efficiency Services Limited (EESL) is a Super Energy Service Co...
BSE provides highly secure, efficient and transparent market for trading
BSE (formerly known as Bombay Stock Exchange Ltd.) is Asia's first & t...
SAVEX TECHNOLOGIES PVT. LTD.
Savex Technologies is the 3rd largest Information & Communication Tec...
IVALUE INFOSOLUTIONS PVT. LTD.
: iValue Info Solutions is a value added distributor, provides solutio...
R P TECH INDIA
R P Tech is recognized for its diverse products portfolio, value-add...