News

1Password Offers $100k Bounty to Crack its Security

In a show of either confidence in its own security or eagerness to ensure the integrity of its system, developer AgileBits has quadrupled the highest bounty for finding bugs within its password manager 1Password to a whopping $100,000. While 1Password managed to escape Cloudflare’s Cloudbleed fault last month, despite using the system, the new bounty suggests an imperative on behalf of AgileBits not to get caught out in a similar way.

“We believe that we’ve designed and built an extremely secure password management system,” Jeffrey Goldberg of AgileBits writes. “We wouldn’t be offering it to people otherwise.  But we know that we – like everyone else – may have blind spots. That is why we very much encourage outside researchers to hunt for security bugs. Today we are upping that encouragement by raising the top reward in our bug bounty program.”

“Our 1Password bug bounty program offers tiered rewards for bug identification, starting at $100,” Goldberg explains. “Our top prize goes to anyone who can obtain and decrypt some bad poetry (in particular, a horrible haiku) stored in a 1Password vault that researchers should not have access to. We are raising the reward for that from $25,000 to $100,000. (All rewards are listed in US dollars, as those are easier to transfer than hundreds or thousands of Canadian dollars worth of maple syrup.) This, it turns out, makes it the highest bounty available on Bugcrowd.”

Here’s how to get involved:

  • Go to bugcrowd.com and set up an account.
  • Read the documentation on the 1Password bugcrowd profile.
  • The AgileBits Bugcrowd brief instructs researchers where to find additional documentation on APIs, hints about the location of some of the flags, and other resources for taking on this challenge. Be sure to study that material.
  • Go hunting!

The 1Password Bugcrowd campaign is on-going until further notice.

Ashley Allen

Disqus Comments Loading...

Recent Posts

Assassin’s Creed Boss Calls Shadows’ Inclusivity Backlash ‘Devastating’

The Assassin's Creed Shadows development team has been facing a difficult time amid an ongoing…

46 mins ago

Yoshi-P Says He Would Like a Re-Release of Vagrant Story and Final Fantasy Tactics

More than twenty years after the launch of Vagrant Story, many are still dreaming of…

1 hour ago

Still Wakes the Deep 

LIVE THE HORROR: An immersive disaster story aboard a stunningly realised North Sea oil rig,…

6 hours ago

PHILIPS 275V8LA – 27 Inch QHD Monitor

The Philips VA LED display uses an advanced multi-domain vertical alignment technology that gives you…

6 hours ago

EPOMAKER Ajazz AK820 Pro 75% Gasket-mounted Mechanical Keyboard 

【TFT Screen: The Interactive Interface】This 75% mechanical keyboard comes equipped with a TFT Screen, serving…

6 hours ago

Funko Fusion

FANDOM FUSION Play as your favorite characters and wield their unique weapons and skills. Team…

6 hours ago