Welcome to 2018! This week’s episode is the first of the year, and we’re joined by longtime regular Fahmida Rashid to talk about DJI’s bug bounty problems and a pitch about video surveillance programs. We also talk about what we think will make headlines this year.
DJI’s bug bounty:
Researcher Kevin Finisterre posted an essay describing his experiences with the DJI bug bounty program, ultimately walking away form a $30,000 payout due to interactions with the company. A copy of his essay is available via The Register.
In short, Finisterre and the others he worked with discovered sensitive information exposed on AWS. When he queried DJI about the findings and asked if they were within the scope of their bug bounty, the company responded (after lots of back and forth) that it was and offered him a bounty of $30,000 USD.