PayPal rewards Pakistani student Rafay Baloch for reporting Bugs (Command Execution Vulnerability)
Last year, a Pakistani Independent Security researcher was awarded $ 10,000 for reporting remote code execution vulnerability inside PayPal. Rafay Baloch had been awarded $ 5,000 by PayPal, He identified a remote code execution vulnerability on www.paypal.com.
Rafay Baloch has written in his personal blog that, ”That’s constituted a huge risk to the organization, since an attacker could have easily managed to execute any command on the server. Therefore the bug was extremely critical; however PayPal took more than 2 months to sort it out,“
This genius had also identified a couple of cross-site scripting vulnerabilities and for that he had received an additional $1,000 that has already been addressed by the online payment processor.
Rafay Baloch has been offered a job as a security quality engineer at PayPal. Regarding the offer he said, He is currently doing his Bachelors and he will think about it when it’s completed. He still needs to learn more about it.
Rafay Baloch, has also helped various well-known industries like Microsoft, Ebay, Apple, Adobe, LastPass, Redhat, Barracudalabs, owncloud and so on.. He has reported various vulnerabilities inside their services and helped them to make their products more secure.
Some reference from Microsoft sites, as you can click to their official links:
- http://technet.microsoft.com/en-us/security/cc308575.aspx
- http://technet.microsoft.com/en-us/security/cc308589.aspx
- http://technet.microsoft.com/en-us/security/cc308589.aspx
He is also an author of two bestselling books:
- A Beginners Guide To Ethical Hacking (Details here)
- An introduction To Keylogger, RATS and malware (Details here)
Message for Hackers from this Master Mind
My message to the ones who have just stepped up in this field is that there is nothing wrong in learn hacking techniques, what makes it wrong is the way you use it. There is a misconception among people that hackers have good jobs overseas, this is all wrong, if you associate the word hacker with your name then no organization will hire you. As they would think that you might be posing risk to their organization. Don’t run after fame, it will just be for some time.
Instead if you are really interested in pursuing your career in information security, I would suggest you to build your skills. Go after some certifications such as CISSP, CEH, and CPTE etc. And start using your skills to help organizations make themselves secure, by reporting it to them.
Final Advice from Rafay Baloch:
My final advice to everyone is not to run after money or fame; it will eventually come to you, Just focus on building your skills. I never blogged for income, what I aimed at was readership. People follow you only when you offer something worth reading. I wish you all the best with your future endeavors and hope that this little post may motivate you to trigger your online journey right today. Jump inside the ring to battle the big giants out there who are still missing a great contender.
you’re actually a just right webmaster. The site loading pace is incredible.
It seems that you are doing any unique trick. In addition, The contents are masterwork.
you’ve performed a magnificent process on this subject!
Heya just wanted to give you a brief heads up and let you know a few of
the pictures aren’t loading correctly. I’m not sure why
but I think its a linking issue. I’ve tried it in two different internet browsers and both show the same
outcome.
This is very interesting, You are a very skilled blogger. I’ve joined your feed and look
forward to seeking more of your wonderful post. Also, I have
shared your web site in my social networks!
I every time used to read piece of writing in news
papers but now as I am a user of web thus from now I am using net for articles or reviews, thanks to web.
Hi to all, the contents existing at this site are in
fact awesome for people experience, well, keep up
the nice work fellows.
Woah! I’m really enjoying the template/theme of this blog.
It’s simple, yet effective. A lot of times it’s difficult to get that “perfect balance”
between usability and appearance. I must say you have done a awesome job
with this. Also, the blog loads super fast for me on Safari.
Excellent Blog!
Excellent blog here! Also your website loads up very fast!
What web host are you using? Can I get your affiliate link to your host?
I wish my web site loaded up as fast as yours lol
@Bailey, I have tried number of hosting companies but Hostnext, I found stable.
Some genuinely interesting details you have written.Helped me a lot, just what I was looking for : D.
Exactly where could it be, I’d prefer to read more about this post, thank you.