
The Team9000 Security Challenge

Wooty

Well-Known Member
Staff member
The security of your connection and private data is of extreme importance to us at Team9000.

In yet another effort to further increase your security and privacy, starting today, March 31, 2012, we will begin providing rewards for the discovery of exploits or security holes in the various Team9000 Services. We hope that this incentive will be enough to encourage the submission of any flaws or issues you guys may discover.

The rewards for discovered vulnerabilities are as follows:
$250 USD for any of the following vulnerabilities:
  • Direct access to any Team9000 database
  • Access to private user e-mail addresses
  • Access to user passwords (hashed or plaintext)
  • SQL Injection vulnerability
  • Machine access via SSH, Remote Desktop, or code exploit

$100 USD for any of the following vulnerabilities:
  • XSS Exploit
  • Discovery of salt used in hash function for Team9000 Camo or Team9000 Auth
  • Access to raw PHP code which is normally parsed by the server
  • Access to any file outside of the root web directory, which is not meant to be shared

Terms and regulations:
  • Each person is limited to one reward submission at a time.
  • A security exploit can only be claimed once, and will only be awarded to the first reporter.
  • Only one "valid" report will be processed at a time, meaning if an XSS exploit is discovered, Team9000 will have time to fix the reported exploit and any related exploits prior to closing the report and allowing new reward applications to be submitted.
  • To be eligible for a reward, you must disclose the full exploit as described in the submission process.
  • The Security Challenge may be closed at any time, for any reason, with or without prior warning.
  • The Security Challenge will be open for submissions until 12/31/2014, unless extended prior to that date.
  • Issues found in software created by other companies will not be eligible for a reward unless they result in data compromise in unrelated software. For example, an exploit in XenForo code which breaks XenForo will not be eligible, but an exploit in MediaWiki which reveals Team9000 user passwords would certainly be acceptable.
  • Any attack involving the use of phishing, DDOS or other network flooding will not be accepted for a reward.

How to submit an exploit you feel may be eligible:
  1. Post a new report on bugs.team9000.net with the full details of the issue, including reproduction steps if appropriate. Please mark the bug as "Private" if related to a security issue.
  2. If bugs.team9000.net has been compromised, please email us directly using the website Contact Us form.
  3. Please mention in your report that you believe the issue may be a candidate for the Team9000 Security Challenge.
  4. We will review the report as quickly as possible, and reply back to you with details if a reward payment is applicable.

As far as we know, this level of dedication to community security is a first for Gaming Communities around the world -- let's continue making the internet a safer place!

Thank you to everyone for your support!

List of winning submissions:
6/16/2012 - SSO link hash XSS ($100): https://bugs.team9000.net/view.php?id=134
9/16/2012 - XSS in ZeroClipboard ($50): https://bugs.team9000.net/view.php?id=228
 
So just being clear on this... If someone were to, say, find a big one, they would get $250 and all that stuff mentioned after it?
 
I found a very important security hole!!! If you right click and choose Save as... in Chrome you can steal all the information on Team9000 in an HTML web page!!!! You can mail me the money by owl courier to the same address you mailed that rainbow-colored bobcat to me last week.
 
Challenge accepted!!! Course I'm sure there's absolutely no flaws here. Except for the time I totally broke the T9K chat with my 3DS, too bad couldn't get paid for that >.<
 