
JJJollyjim, today at 2:15 AM

This is the place they direct researchers to report bugs. If they don’t want to pay out for MITM, that’s fine, but they should still be taking out-of-scope reports seriously.


Replies

bravetraveler, today at 2:25 AM

+1 Bounty aside, this deserves attention. I wouldn't want to award bounties for MitM either if I made it so easy. They closed the issue as 'out of scope'... with no mention of follow-up (or even the bounty we don't care about).

I'm skeptical, to say the least. Industry standard has been to ignore MitM or certificates/signatures, not everything.