{"id":788,"date":"2024-07-19T23:57:36","date_gmt":"2024-07-19T21:57:36","guid":{"rendered":"https:\/\/digitalnews.hu\/?p=788"},"modified":"2025-12-30T22:08:54","modified_gmt":"2025-12-30T20:08:54","slug":"emel-a-google-joval-tobb-penz-jar-a-bugokert","status":"publish","type":"post","link":"https:\/\/digitalnews.hu\/?p=788","title":{"rendered":"Google raises payouts: far more money for bugs"},"content":{"rendered":"\n<p>The search giant is significantly increasing the rewards paid for vulnerabilities reported through its bug bounty program, in some cases to as much as five times the previous amount.<br>In 2023 Google paid out a total of 10 million dollars (about 3.6 billion forints) for the discovery of vulnerabilities and bugs lurking in its various products and services, which is somewhat less than the 12 million dollars paid out under the 2022 bug hunting program, but showed steady interest in the Vulnerability Reward Program.<\/p>\n\n\n\n<p>The program may become even more attractive now that the search giant announced a few days ago that it is further raising the amounts paid through the Vulnerability Reward Program for reporting bugs found in its systems and applications; a single security bug can now be worth a maximum reward of as much as 151,515 dollars, or roughly 55 million forints. 
For vulnerabilities reported since July 11, the company already applies the new rates when determining payouts, citing that finding bugs may by now be even harder in its services, which have become increasingly secure over the years.<\/p>\n\n\n\n<p>In some categories the reward can be as much as five times the old one, depending on the type and severity of the security bug: instead of the previous 13,337 dollars, reporting a logic flaw that could lead to the takeover of an @gmail.com account can now be worth as much as 75 thousand dollars, and even an XSS vulnerability can be worth 15 thousand dollars.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1174\" height=\"223\" src=\"https:\/\/digitalnews.hu\/wp-content\/uploads\/2024\/07\/vulnera.jpg\" alt=\"\" class=\"wp-image-789\" srcset=\"https:\/\/digitalnews.hu\/wp-content\/uploads\/2024\/07\/vulnera.jpg 1174w, https:\/\/digitalnews.hu\/wp-content\/uploads\/2024\/07\/vulnera-600x114.jpg 600w, https:\/\/digitalnews.hu\/wp-content\/uploads\/2024\/07\/vulnera-768x145.jpg 768w\" sizes=\"auto, (max-width: 1174px) 100vw, 1174px\" \/><\/figure>\n<\/div>\n\n\n<p>A code injection vulnerability affecting Google's servers can earn 101 thousand dollars. 
The company is also introducing the quality of the submitted documentation as an additional factor: if it is sloppier than it should be, the amount can drop by as much as half, while exceptionally thorough documentation can raise the payout to as much as one and a half times its value.<\/p>\n\n\n\n<p>Since the launch of the Vulnerability Reward Program (VRP) in 2010, Google has paid security researchers more than 50 million dollars in rewards for discovering more than 15,000 vulnerabilities; the program peaked in 2022, with 12 million dollars paid out that year.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1901\" height=\"1050\" src=\"https:\/\/digitalnews.hu\/wp-content\/uploads\/2024\/07\/Google-bug-hunters.png\" alt=\"\" class=\"wp-image-790\" srcset=\"https:\/\/digitalnews.hu\/wp-content\/uploads\/2024\/07\/Google-bug-hunters.png 1901w, https:\/\/digitalnews.hu\/wp-content\/uploads\/2024\/07\/Google-bug-hunters-600x331.png 600w, https:\/\/digitalnews.hu\/wp-content\/uploads\/2024\/07\/Google-bug-hunters-768x424.png 768w\" sizes=\"auto, (max-width: 1901px) 100vw, 1901px\" \/><\/figure>\n<\/div>\n\n\n<p>Who are bug hunters, and why is it good to work with them? What motivates such an ethical hacker to devote even all of their free time to tracking down a single vulnerability? 
Not just the money, although there has already been a case here at home too of someone pocketing tens of millions of forints for discovering a single vulnerability.<\/p>\n\n\n\n<p><mark style=\"background-color:#9b51e0\" class=\"has-inline-color has-white-color\">Continue to the article:<\/mark> <a href=\"https:\/\/www.hwsw.hu\/hirek\/67909\/google-bugbounty-kifizetes-dijak-emeles.html\" target=\"_blank\" rel=\"noreferrer noopener\">hwsw.hu<\/a> and <a href=\"https:\/\/bughunters.google.com\/\">bughunters.google.com<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The search giant is significantly increasing the rewards paid for vulnerabilities reported through its bug bounty program, in some cases as much as&hellip;<\/p>\n","protected":false},"author":1,"featured_media":791,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[12],"tags":[],"class_list":["post-788","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-kiberbiztonsag-deep-fake"],"_links":{"self":[{"href":"https:\/\/digitalnews.hu\/index.php?rest_route=\/wp\/v2\/posts\/788","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/digitalnews.hu\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/digitalnews.hu\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/digitalnews.hu\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/digitalnews.hu\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=788"}],"version-history":[{"count":4,"href":"https:\/\/digitalnews.hu\/index.php?rest_route=\/wp\/v2\/posts\/788\/revisions"}],"predecessor-version":[{"id":5284,"href":"https:\/\/digitalnews.hu\/index.php?rest_route=\/wp\/v2\/posts\/788\/revisions\/5284
"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/digitalnews.hu\/index.php?rest_route=\/wp\/v2\/media\/791"}],"wp:attachment":[{"href":"https:\/\/digitalnews.hu\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=788"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/digitalnews.hu\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=788"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/digitalnews.hu\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=788"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}