Bug bounty program pays out frequent flier miles

United Airlines is inviting security researchers and anyone else to participate in a bug bounty program for a chance to claim up to 1 million award miles, depending on what kind(s) of vulnerabilities you discover. However, it's important to note that United Airlines is looking for specific bug submissions related to its website -- hacking its planes or hitting the company with a denial of service (DoS) attack are both on the list of no-nos.
Same goes for brute force attacks; code injection on live systems; the compromise or testing of MileagePlus accounts that are not your own; any testing on aircraft or aircraft systems such as inflight entertainment or inflight Wi-Fi; any threats, attempts at coercion, or extortion of United employees, Star Alliance member airline employees, other partner airline employees, or customers; physical attacks against the same groups just mentioned; and vulnerability scans or automated scans on United servers.
Attempting any of those will, at minimum, disqualify you from the bug bounty program, but could also lead to criminal charges, United warns. So, what does that leave?
Remote code execution is at the top of United's list and is the only type of vulnerability that carries a 1 million award mile bounty. Authentication bypass, brute force attacks, potential for personally identifiable information (PII) disclosure, and timing attacks are all potentially worth 250,000 award miles, while cross-site scripting, cross-site request forgery, and third-party issues that affect United could net you 50,000 award miles each.
If you want to particpate in United's bug bounty program, you can find more details here.
Follow Paul on Google+, Twitter, and Facebook


More...