Bounty worth Rs 22 Lakh for a bug in Azure cloud systems

Parv Kohli

June 28, 2021

Bug bounty hunters are cybersecurity professionals or researchers who explore the web and find and fix bugs. They scan systems searching for vulnerabilities or flaws that hackers might use to sneak in and inform the companies about them. Aditi Singh, a 20-year-old ethical hacker from Delhi, is one such bounty hunter. She won a reward of Rs 22 Lakhs, approximately $30,000, for discovering a bug in Microsoft’s Azure cloud system. She also received a reward for finding a similar bug on Facebook. According to Aditi, both companies had a Remote Code Execution (RCE) bug. Aditi adds that the developers should have first downloaded Node Package Manager—a subsidiary of GitHub where anyone can access the codes from these organizations as they are open-sourced—before writing the code. “Developers should only write code after they've obtained NPM," she advises. She says, "Microsoft has only fixed the bug which I spotted two months back. They have not fixed all of them". Microsoft took over two months to respond as they ensured that no one had downloaded the insecure version. Ethical hackers always have to be vigilant about the new systems and actively work towards finding bugs. Aditi has been into ethical hacking for the last two years and has found bugs in over 40 companies. She believes that anyone who has access to Google and Twitter can use the resources available and become an ethical hacker. She plans on spending her rewards towards hacking tools and certified courses about hacking, hence increasing her skill set.

Abridged fromIndia Today