Link: http://www.businessinsider.com/student-legally-hacks-united-airline-earns-frequent-flyer-miles-ryan-pickren-2016-9
This is an interesting short video/article on a Georgia Tech student that has been participating in United Airlines bounty program and has been rewarded in $300,000 worth of miles as a reward for findings security flaws. He’s donated a third of his miles back to Georgia Tech.
It wasn’t always sunshine and rainbows for Ryan. He got into some trouble with the law when he hacked a rival school’s calendar before a big football game. He was charged, but completed a pretrial diversion program and the charges were dropped.
He began the United Airlines bounty program to earn miles to visit his girlfriend and became the most successful contributor.
I find it interesting when highly technical individuals such as Ryan are given an avenue to utilize these skills in an ethical manner (especially when they are caught doing something unethical). For some folks, the technical part is very easy and the ethical part is challenging. For myself, I’ve always had strong ethical principles and business acumen, but the desire to be more technical is what got me interested in the Temple ITACS program and ethical hacking. How about the rest of you all?
Jason,
This is an interesting article/short video. It would have been nice if they would have described how he was able to find bugs in the systems, and what improvements they have made to patch these bugs. What United is doing is a good way to do penetration testing. Tell people to try and hack your system, and you will reward them.
Jason, thank you for posting this new. I think the story behind the student is very interesting. I know many organizations started to use bounty program to encourage people to help them find vulnerabilities in their systems. Few weeks ago, Yelp offered up to 15K award for people who find fatal vulnerabilities.
hello Jason- this is a great article and one more example for all of us to follow. Many companies are dedicating and allocating rewards to those that can find the zero-day vulnerabilities in software, and the pay is quite attractive.
I wish I could be more proficient and daring so I could win some money from my skill set.