Comment by pavlov

4 months ago

The edited title on HN is incomprehensible.

The original is:

“1 bug, $50,000+ in bounties, how Zendesk intentionally left a backdoor in hundreds of Fortune 500 companies”

A better edit might be something like:

“The $50k bug where Zendesk backdoored Fortune 500 companies”

That title is also completely misleading because the author did not in fact get paid.

50k corresponds to the money they made with unrelated bug bounties.

I wish they would fix the title so that it properly calls out that Zendesk refused to pay for a serious bug.

  • "Unrelated" doesn't sound right. Zendesk refused to pay for the vulnerability, so the researcher used it against downstream customers of Zendesk, who did pay the researcher for the impact of that Zendesk vulnerability against their own company.

  • I understood it to mean that he received $50K from enterprises using Zendesk who were vulnerable to this bug, but it's not entirely clear.

It was supposed to be

1 bug, 50k:

I don't know why the "1" got dropped.

  • HN mangles submission titles.

    If you submit "Why I care" it'll decide that you meant "I care".

    If you submit "10 More Secrets in Pokemon" it'll decide you meant "More Secrets in Pokemon".

    Conversely, there's an entire cottage industry focused on writing attention-catching headlines, which results in patterns like what HN mangles.

    If it's annoying, OP can edit immediately after submitting to overwrite the mangled title with the correct one.