Set as Homepage - Add to Favorites

【Caught in the Act: Promiscuous Sex Life of My D-Cup Mother in law】

Source:Wisdom Convergence Information Network Editor:Digital Culture Time:2025-06-26 17:09:05

Slack and Caught in the Act: Promiscuous Sex Life of My D-Cup Mother in lawits scores of desktop app users just dodged a major bullet.

The communications tool relied upon by journalists, tech workers, and D&D fans alike disclosed on Friday a "critical" vulnerability — now fixed — that would have let hackers run wild on users' computers. Slack's internal security team didn't even find the bug; rather, it was a third-party security researched who reported it, through the bug bounty platform HackerOne in January.

Notably, the exploit allowed for something known as "remote code execution," which is just as bad as it sounds. Before Slack fixed it, an attacker using the exploit could have done some pretty wild stuff, such as gaining "access to private files, private keys, passwords, secrets, internal network access etc.," and "access to private conversations, files etc. within Slack."

What's more, according to the disclosure, maliciously inclined hackers could have made their attack "wormable." In other words, if one person in your team got infected, their account would automatically re-share that dangerous payload to all their colleagues.

It's worth emphasizing that the security researcher who discovered this vulnerability — a process that takes untold hours of work and is a literal job — decided to do what many would consider the right thing and report it to Slack via HackerOne. For the security researcher, whose HackerOne handle is oskars,this resulted in a bug bounty payment of $1,750.

Of course, had that person wanted, they could have likely gotten much, much more money by selling it to a third-party exploit broker. Companies like Zerodium, which offer millions of dollars for zero-day exploits, in turn sell those exploits to governments.

Mashable Light Speed Want more out-of-this world tech, space and science stories? Sign up for Mashable's weekly Light Speed newsletter. By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy. Thanks for signing up!

Members of the computer security community were quick to point out the relatively paltry payout for such an important bug.

We reached out to Slack in an effort to determine how it decides the size of its bug bounty payments, and whether or not it had a response to the criticism levied by members of the security community. In response, a company spokesperson replied that the amount Slack pays for bug bounties is not fixed in stone.

"Our bug bounty program is critical to keeping Slack safe," the spokesperson wrote in part. "We deeply value the contributions of the security and developer communities, and we will continue to review our payout scale to ensure that we are recognizing their work and creating value for our customers."

The spokesperson also noted that the company "implemented an initial fix by February 20."

SEE ALSO: 7 Slack privacy settings you should enable now

Interestingly, Slack does appear to have upped the amount it's willing to pay bug bounty researchers for coordinated disclosure. A look at its HackerOne profile page shows that, as of the time of this writing, reporting a remote code execution vulnerability would merit "$5000 and up."

Too late for oskars, but perhaps that will encourage the next security researcher who discovers a critical vulnerability in Slack to report it to the good guys. We should hope so, for the sake of Slack users everywhere.

UPDATE: Aug. 29, 2020, 1:49 p.m. PDT: This story has been updated to include Slack's statement.

WATCH: It's surprisingly easy to be more secure online

Topics Cybersecurity

Previous:Shop the Shark FlexStyle for 20% off at Amazon

Next:Operation Rock Wallaby rains food down on wildlife hurt by bushfires

Related Articles
Related Recommendations
Categories
Latest Articles
Popular Articles
Hot Recommendations
Featured Column

Quick Links

watchOS 10: How to add widgets to Apple WatchPapal Abdication: A Potpourri of Popery by Mike Duncan and Jason NovakHappy Birthday, Lois Lowry by Sadie SteinChinua Achebe, 1930–2013 by Sadie SteinFestival Guide: A List of Don’ts for the Lady Music Writer by Natalie ElliottWes Anderson's 'Asteroid City' has so much detail it needed an exhibitionLGBTQ identities are being preserved through creative digital mapping sitesCountdown to the Revel by The Paris ReviewwatchOS 10: How to add widgets to Apple WatchThink of Me Fondly by Matthew SmithAOC raised $200,000 for charity on her 'Among Us' Twitch stream FridayWe probably won't get a bisexual pride flag emoji anytime soon. Here's why.Wordle today: Here's the answer and hints for June 17Wordle today: Here's the answer and hints for June 18Letter from Boston by Michael McGrathMIDNATT and Supertone CEO Lee Kyogu on bringing HYBE's first AIElijah Returns by Max RossWe Have a Winner! by Sadie SteinChatGPT, Bard produce free Windows 11 keysHow to write alt text and accessible image captions for your online posts Woman Instagrams her catcallers to prove an important point 'Six Days in Fallujah' is ready for its comeback. Are we? What actually caused the disastrous avalanche and flood in India Jackie Chan's daughter comes out on Instagram Meet the woman washing the grime off Uber Marvel at UAE Hope orbiter's first image of Mars False report claims Colin Kaepernick would end his protest in NFL The dudes exposed by alt Uber riders might be able to hail self "We live in a society": Explaining the edgelord meme in Justice League This connected tabletop gadget can measure the calories on your plate in 10 seconds flat Netflix's 'Behind Her Eyes' is an unpredictable mystery thriller with a dark twist Triggered VP Mike Pence leaves NFL game, tweets about it Trump attacks retiring senator, who hits back with an appropriately epic burn Medium employees unionize as 'tech and media are at a crossroads' 5 changes Google Maps should make for better driving directions Polar vortex will bring cold to much of the U.S. by Valentine's Day Precious little superfan gets a unique Batman doll made just for her GM's Super Cruise feels like it's self Amazon's ‘Map of Tiny Perfect Things’ is a sweet teen time loop movie

2.3857s , 8226.1796875 kb

Copyright © 2025 Powered by 【Caught in the Act: Promiscuous Sex Life of My D-Cup Mother in law】,Wisdom Convergence Information Network  

Sitemap

Top

Quick Links