Hack the Pentagon shutters 100 bugs

White hats have found more than 100 vulnerabilities in Pentagon infrastructure under its bug bounty program. Some 1,400 hackers participated in the Hack the Pentagon bug bounty program handing out up to $US14,000 for disclosures of the worst vulnerabilities. US Defense Secretary Ashton Carter told the Defense One conference …

  1. frank ly

    Access control

    "Bug hunters must first pass a background check before being permitted to hack the agency's web properties."

    Black hats (especially foreign ones) can't pass the background check and so are unable to hack the agency's sites.

    1. Martin Summers

      Re: Access control

      No, they are going to be concentrating on the "Highly-sensitive parts of the Pentagon [that] are out of scope for external bug hunters."

  2. fnusnu

    It would be interesting to know which bugs they squashed. How many were simple configuration errors?

    1. Anonymous Coward

      Ah, you mean the 'admin/password' bug or maybe even the 'root/123456' one.

    2. Bob Dole (tm)

      >>It would be interesting to know which bugs they squashed. How many were simple configuration errors?

      I bet we can guess that it was everything from simple unsanitized inputs and non-parameterized SQL queries on up to still using SSL. You can also bet that they had servers on the same network segment as the open internet. Basically all the crap you'd expect out of people that don't really know what they are doing.

      1. Mark 85

        Basically all the crap you'd expect out of people that don't really know what they are doing.

        Or management that hasn't a clue. Revisit companies like Talk-Talk... This type of thing is all too common these days it seems.

  3. Peter 26

    Nice recruiting method

    This was a really good plan to find US citizens with security skills to recruit. Probably a lot cheaper and more effective than the usual recruitment methods.

  4. ChrisElvidge

    Gary McKinnon

    So how much does he get?

    Seems the Russians should get a lot, too.

    1. pompurin

      Re: Gary McKinnon

      25 years in a super max.

  5. allthecoolshortnamesweretaken

    Bug Bounties

    While cash is always nice - what they really should offer is stuff like a ride on a submarine. Or in the backseat of an F-15. Or pushing the launch button at a rocket test at Vandenberg. Or... you get the general idea.
