After launching his latest cloud storage service Mega, Kim Dotcom – the controversial owner of Megaupload – has thrown a gauntlet that few hackers can resist. Dotcom has basically said that if you are able to defeat the security of Mega, he will pay you a bounty of €10,000 (or about $13,500). Dotcom is looking towards the skills of the hacking community to find -and ultimately plug security issues in his newly launched site.
Of course, there are conditions applied to the bounty. Hackers will have to stick to a defined list of scenarios and setups, which include remote code execution (including SQL injection), remote code execution on any client browser (e.g., through XSS) and any issue that breaks their cryptographic security model, allowing unauthorized remote access to or manipulation of keys or data. The bounty comes after prominent tech websites criticized Mega’s approach to privacy and encryption. While the amount posted by Dotcom is certainly a lot of money, it’s still certainly cheaper than hiring a security consultant. Check out all the rules to the initiative, unsurprisingly named The MEGA Vulnerability Reward Program on the link below.