Did you know that Google pays for security bugs too?

Yep, they do.

The base reward is $500, but if a find is rated critical, severe or particularly clever, the reward is raised to $1,337. 🙂

They are not the only ones, and the pay rate is not that impressive, but more software companies offering rewards for vulnerabilities is nothing but good news, since this might slowly turn into an industry standard.


Cracking OpenSSL RSA PKI using hardware faults

Computer scientists say they have discovered a "severe vulnerability" in OpenSSL, the world's most widely used software encryption package, that allows them to retrieve a machine's RSA private key.

The finding is significant because the open-source library protects sensitive data in countless applications and operating systems throughout the world. It is not a conventional software bug, though: the attackers induce arithmetic errors in the processor (in the paper, by lowering the supply voltage) while the library computes RSA signatures, and the resulting faulty signatures leak bits of the private key; collecting enough of them recovered a full 1024-bit key. Because the attacker must control the target's power supply or operating environment, the technique is difficult to carry out against a remote server, but it could eventually be applied to a wide variety of devices the attacker physically holds, particularly media players and smartphones with anti-copying mechanisms. The standard countermeasure for this class of attack is to check every signature against the public key before releasing it and to discard anything that fails.


The vulnerability was discovered by Andrea Pellegrini, Valeria Bertacco and Todd Austin from the University of Michigan.

Grab the published paper, "Fault-Based Attack of RSA Authentication", describing the vulnerability here.
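To make the "a wrong answer from the signing operation leaks the key" principle concrete, here is an added worked example that is not code from the page, the paper or OpenSSL. It uses a simpler fault model than the Michigan paper (a single arithmetic error in one half of an RSA-CRT signature, the classic Boneh-DeMillo-Lipton attack) rather than the multiplier faults in OpenSSL's exponentiation that the authors exploit, and a toy 256-bit key so it runs instantly. The message value, seed and key size are assumptions chosen for the demo.

```python
import random
from math import gcd


def is_probable_prime(n, rounds=32, rng=random):
    """Miller-Rabin primality test (probabilistic, fine for a demo key)."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits, rng):
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand, rng=rng):
            return cand


def keygen(bits=256, seed=1):
    """Toy RSA key (assumed size; real keys are 2048 bits or more)."""
    rng = random.Random(seed)
    e = 65537
    while True:
        p = random_prime(bits // 2, rng)
        q = random_prime(bits // 2, rng)
        if p != q and gcd(e, (p - 1) * (q - 1)) == 1:
            break
    d = pow(e, -1, (p - 1) * (q - 1))
    return {"n": p * q, "e": e, "d": d, "p": p, "q": q}


def sign_crt(m, key, fault_in_p=False):
    """RSA signing with the Chinese Remainder Theorem, optionally faulted."""
    p, q, d, n = key["p"], key["q"], key["d"], key["n"]
    sp = pow(m, d % (p - 1), p)
    sq = pow(m, d % (q - 1), q)
    if fault_in_p:
        # Model of one arithmetic error during the mod-p half (think of a
        # bit flip in a multiplier): the result stays correct modulo q but
        # is wrong modulo p.
        sp = (sp + 1) % p
    h = (pow(q, -1, p) * (sp - sq)) % p
    return (sq + q * h) % n


def verify(m, s, key):
    return pow(s, key["e"], key["n"]) == m % key["n"]


def sign_checked(m, key, fault_in_p=False):
    """Countermeasure: never release a signature the public key rejects."""
    s = sign_crt(m, key, fault_in_p)
    if not verify(m, s, key):
        return None  # a real implementation would recompute or fail closed
    return s


def recover_factor(m, faulty_sig, key):
    """Lenstra's variant: one faulty signature plus the public key suffice.
    s' is correct mod q, so s'^e - m is 0 mod q but not mod p."""
    n, e = key["n"], key["e"]
    g = gcd((pow(faulty_sig, e, n) - m) % n, n)
    return g if 1 < g < n else None


def recover_factor_from_pair(good_sig, faulty_sig, key):
    """Original Boneh-DeMillo-Lipton form: gcd(s - s', n) gives a factor."""
    n = key["n"]
    g = gcd((good_sig - faulty_sig) % n, n)
    return g if 1 < g < n else None


if __name__ == "__main__":
    key = keygen()
    m = 0xC0FFEE  # constructed sample "message hash"
    good = sign_crt(m, key)
    bad = sign_crt(m, key, fault_in_p=True)
    print("good signature verifies:", verify(m, good, key))
    print("faulty signature verifies:", verify(m, bad, key))
    print("q recovered from one faulty signature:", recover_factor(m, bad, key) == key["q"])
    print("checked signer releases faulty signature:", sign_checked(m, key, fault_in_p=True))
```

One faulty signature is enough to factor the modulus, which is why the verify-before-release check in `sign_checked` matters: a signer that silently hands out whatever the arithmetic produced hands out its private key along with it.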


Microsoft: Don’t press F1 key in Windows XP