Slack and its scores of desktop app users just dodged a major bullet.
The communications tool relied upon by journalists, tech workers, and D&D fans alike disclosed on Friday a "critical" vulnerability — now fixed — that would have let hackers run wild on users' computers. Slack's internal security team didn't even find the bug; rather, it was a third-party security researcher who reported it through the bug bounty platform HackerOne in January.
Notably, the exploit allowed for something known as "remote code execution," which is just as bad as it sounds. Before Slack fixed it, an attacker using the exploit could have done some pretty wild stuff, such as gaining "access to private files, private keys, passwords, secrets, internal network access etc.," and "access to private conversations, files etc. within Slack."
What's more, according to the disclosure, maliciously inclined hackers could have made their attack "wormable." In other words, if one person in your team got infected, their account would automatically re-share that dangerous payload to all their colleagues.
It's worth emphasizing that the security researcher who discovered this vulnerability — a process that takes untold hours of work and is a literal job — decided to do what many would consider the right thing and report it to Slack via HackerOne. For the security researcher, whose HackerOne handle is oskars, this resulted in a bug bounty payment of $1,750.
Of course, had that person wanted, they could have likely gotten much, much more money by selling it to a third-party exploit broker. Companies like Zerodium, which offer millions of dollars for zero-day exploits, in turn sell those exploits to governments.
Members of the computer security community were quick to point out the relatively paltry payout for such an important bug.
We reached out to Slack in an effort to determine how it decides the size of its bug bounty payments, and whether or not it had a response to the criticism levied by members of the security community. In response, a company spokesperson replied that the amount Slack pays for bug bounties is not fixed in stone.
"Our bug bounty program is critical to keeping Slack safe," the spokesperson wrote in part. "We deeply value the contributions of the security and developer communities, and we will continue to review our payout scale to ensure that we are recognizing their work and creating value for our customers."
The spokesperson also noted that the company "implemented an initial fix by February 20."
Interestingly, Slack does appear to have upped the amount it's willing to pay bug bounty researchers for coordinated disclosure. A look at its HackerOne profile page shows that, as of the time of this writing, reporting a remote code execution vulnerability would merit "$5000 and up."
Too late for oskars, but perhaps that will encourage the next security researcher who discovers a critical vulnerability in Slack to report it to the good guys. We should hope so, for the sake of Slack users everywhere.
UPDATE: Aug. 29, 2020, 1:49 p.m. PDT: This story has been updated to include Slack's statement.