←back to thread

Accessing Max Verstappen's passport and PII through FIA bugs

(ian.sh)
396 points galnagli | 4 comments | 22 Oct 25 18:21 UTC | HN request time: 0.701s | source
Show context
intheitmines ◴[22 Oct 25 19:37 UTC] No.45674109[source]
Just out of interest have you had any legal threats etc from this kind of probing if they don't have explicit bug bounty programs? Also do you ever get offered bounties in on reporting where there wasn't a program?
replies(3): >>45674680 #>>45674761 #>>45675110 #
1. iancarroll ◴[22 Oct 25 20:30 UTC] No.45674761[source]
Actual legal threats are uncommon but I have seen some companies try to offer a bribe disguised as a retroactive bug bounty program, in exchange for not publishing. Obviously it is important to decline that.
replies(2): >>45676060 #>>45678146 #
2. intheitmines ◴[22 Oct 25 22:39 UTC] No.45676060[source]
Thanks, its cool to hear attitudes have changed.
3. gausswho ◴[23 Oct 25 04:21 UTC] No.45678146[source]
Decline because it'd mean you were profiting off of a crime? Or that the opportunity of publishing has higher value than the bribe?
replies(1): >>45678315 #
4. LoganDark ◴[23 Oct 25 05:05 UTC] No.45678315[source]
Decline because the public deserves to know the company has that approach to security.