|
Recently, a Pakistani Independent Security
researcher was awarded $ 10,000 for reporting remote code execution
vulnerability inside PayPal.
|
|
Rafay Baloch had been awarded $ 5,000 ( PKR
489750.00) by PayPal, He identified a remote code execution
vulnerability on www.paypal.com.
Rafay Baloch has written in his personal blog that, “That's constituted
a huge risk to the organization, since an attacker could have easily
managed to execute any command on the server. Therefore the bug was
extremely critical; however PayPal took more than 2 months to sort it
out,”
This genius had also identified a couple of cross-site scripting
vulnerabilities and for that he had received an additional $1,000 (PKR
97960.00) that has already been addressed by the online payment
processor.
|
|
|
Rafay Baloch has been offered a job as a security quality engineer at
PayPal. Regarding the offer he said, He is currently doing his Bachelors
and he will think about it when it’s completed. He still needs to learn
more about it.
Image prove link: |
|
|
|
Rafay Baloch, has also helped various well-known industries like
Microsoft, Ebay, Apple, Adobe, LastPass, Redhat, Barracudalabs, owncloud
and so on.. He has reported various vulnerabilities inside their
services and helped them to make their products more secure.
Image prove link:
|
|
|
|
As you can click to their official links:
https://technet.microsoft.com/en-us/security/cc308575.aspx
https://technet.microsoft.com/en-us/security/cc308589.aspx
https://technet.microsoft.com/en-us/security/cc308589.aspx
He is also an author of two bestselling books:
1. A Beginners Guide To Ethical Hacking
2. An introduction To Keylogger, RATS and malware
Here’s a Massage from this Master Mind to the Upcoming Hackers,
My message to the ones who have just stepped up in this field is that
there is nothing wrong in learn hacking techniques, what makes it wrong
is the way you use it. There is a misconception among people that
hackers have good jobs overseas, this is all wrong, if you associate the
word hacker with your name then no organization will hire you. As they
would think that you might be posing risk to their organization. Don't
run after fame, it will just be for some time.
Instead if you are really interested in pursuing your career in
information security, I would suggest you to build your skills. Go after
some certifications such as CISSP, CEH, and CPTE etc. And start using
your skills to help organizations make themselves secure, by reporting
it to them.
Final Advice from Rafay Baloch:
My final advice to everyone is not to run after money or fame; it will
eventually come to you, Just focus on building your skills. I never
blogged for income, what I aimed at was readership. People follow you
only when you offer something worth reading. I wish you all the best
with your future endeavors and hope that this little post may motivate
you to trigger your online journey right today. Jump inside the ring to
battle the big giants out there who are still missing a great contender.
|