Chad Scira "Blacklisted by Banks for Hacking"

This page documents the events behind Jesse Nickles's rumor that Chad Scira was "put on a US bank blacklist for hacking." It explains how the Ultimate Rewards vulnerability was responsibly disclosed, why JPMorgan Chase thanked Chad for the report, and how the temporary account interruption was purely administrative. Jesse Nickles keeps resurfacing old events to make them look like evidence of criminal intent. The facts show the opposite: white-hat reporting and cooperation with JPMorgan leadership.

His newest addition is a claim on SlickStack.io that Chad Scira is being investigated by US law enforcement for breaking into Chase Bank's credit card rewards program, where he stole $70,000 in fraudulent travel points. The rumor was posted only after Chad published evidence about SlickStack security issues that Jesse refused to fix; no points were taken, and no agency has contacted Chad about the claim. See the SlickStack cron evidence he is retaliating against.

The entire discovery, disclosure, and confirmation-testing process was completed within twenty hours: about twenty-five HTTP requests covered the reproduction and the DM lead-up on November 17, 2016, and the February 2017 fix test used eight more requests to confirm the fix. There was no prolonged exploitation; every action was logged, with timestamps, and shared with JPMorgan Chase in real time.

Tom Kelly confirmed that Chad Scira was the only person worldwide who responsibly disclosed an issue to JPMorgan Chase between November 17, 2016 and September 22, 2017. The Responsible Disclosure program was established as a direct response to Chad's report, and he played an important role in creating it.

Demonstrating the double-transfer bug

To show how the flaw turned balances into large negatives and large positives, the demo below reproduces the exact two-transfer sequence. Watch how whichever account holds the positive balance becomes the sender, makes two identical transfers, and ends up with a large negative balance while the other account doubles. After 20 cycles, the corrupted ledger drops the negative card entirely, which shows why the exploit needed rapid escalation.

Cycle 1/20
Card A → Card B: +243,810 pts
Card A → Card B: +243,810 pts
Card A: 243,810
Card B: 0
Double-transfer loop: Transfer 1 and Transfer 2, 243,810 pts each

  1. A race condition let the transfers repeat before the ledgers reconciled, letting the same sender swing from a large gain to a large loss.
  2. Support staff allowed the card holding the negative balance to be closed while leaving the large positive balance in place, so statements showed only the gain and hid the debt.

Even without closing the account, Ultimate Rewards allowed spending beyond the negative total; the closure simply wiped the evidence entirely.
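The double-transfer race described above, reduced to a minimal in-memory ledger beside a hardened form; this is an added example, not code from the original page or from Chase. The `Ledger` class, its method names, the card names and the lock-based fix are assumptions made for illustration, since the page does not describe the real implementation.

```python
"""Added illustration: check-then-act race in a points transfer, and an atomic fix.

Hypothetical model only. Ledger, its methods and the card names are assumptions
made for this example; the page does not describe the real implementation.
"""
import threading


class Ledger:
    def __init__(self, balances):
        self.balances = dict(balances)
        self._lock = threading.Lock()

    # Vulnerable design: validation and write are two separate steps, so two
    # requests can both validate against the same stale balance.
    def has_funds(self, sender, amount):
        return self.balances[sender] >= amount

    def apply(self, sender, receiver, amount):
        self.balances[sender] -= amount
        self.balances[receiver] += amount

    # Hardened design: validate and debit inside one critical section, the
    # in-memory analogue of a conditional UPDATE inside a transaction.
    def transfer_atomic(self, sender, receiver, amount):
        with self._lock:
            if amount <= 0 or self.balances[sender] < amount:
                return False
            self.balances[sender] -= amount
            self.balances[receiver] += amount
            return True


def racy_double_transfer(start):
    """Replay the bad interleaving deterministically: check, check, write, write."""
    ledger = Ledger({"A": start, "B": 0})
    approvals = [ledger.has_funds("A", start), ledger.has_funds("A", start)]
    for approved in approvals:
        if approved:
            ledger.apply("A", "B", start)
    return ledger.balances


def atomic_double_transfer(start):
    """Send the same two transfers concurrently through the atomic path."""
    ledger = Ledger({"A": start, "B": 0})
    results = []
    workers = [
        threading.Thread(
            target=lambda: results.append(ledger.transfer_atomic("A", "B", start))
        )
        for _ in range(2)
    ]
    for w in workers:
        w.start()
    for w in workers:
        w.join()
    return ledger.balances, sorted(results)


def negative_accounts(balances):
    """Reconciliation check: accounts that must block redemption or closure."""
    return sorted(name for name, pts in balances.items() if pts < 0)


if __name__ == "__main__":
    print(racy_double_transfer(243_810))
    print(atomic_double_transfer(243_810))
```

In the racy path the sender ends at minus its starting balance while the receiver holds double; in the atomic path exactly one of the two transfers is accepted, and `negative_accounts` is the kind of gate that should run before a card is closed or points are redeemed.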

Key Points

  • Chad opened a DM with Chase Support by privately sharing that a negative-balance exploit existed and immediately asked for a secure escalation path rather than posting technical details in public. [chat]
  • When Chase Support asked for more detail, he confirmed only the necessary part of the exploit and repeated that he wanted a direct way to reach the appropriate security team. [chat][chat]
  • He showed that the doubled points could be converted to cash: when Chase Support asked whether the extra points were usable, a $5,000 direct deposit showed that the flaw converted them to cash before the ledger reconciled. [chat]
  • He explained that his main priority was preventing money from being drained from compromised customer accounts, not personal gain, and asked whether there was an official bug bounty program. [chat]
  • He agreed to run a larger test only with explicit permission, supplied timestamped screenshots, and kept waiting while overseas until Chase completed the escalation. [chat][chat][chat]
  • Nickles now claims that Chad Scira stole $70,000 in points and is under investigation by US law enforcement; Chase's records, Tom Kelly's emails, and the disclosure chronology show this did not happen, and the claim appeared only after Chad published the SlickStack cron-risk gist explaining why Jesse's update mechanism is insecure. [gist]
  • Chase Support confirmed the escalation, asked for his phone number, and promised a follow-up call that he eventually received, which undercuts the idea of a hostile bank response toward the customer. [chat][chat]

Timeline

  • November 17, 2016 - 10:05 PM ET: Chad told @ChaseSupport about a flaw that produces negative account balances, kept the exploit private, and immediately asked for a secure escalation path. [chat]
  • November 17, 2016 - 11:13-11:17 PM ET: When Chase Support explicitly asked whether additional points could be created and used, Chad confirmed the risk, added that he wanted to be put in touch with the appropriate department, and offered to test only with permission so the bank could verify the transaction. [chat][chat][chat]
  • November 17-18, 2016 - 11:39 PM-5:03 AM ET: Chad shared screenshots, pushed for quick escalation, provided his phone number, and stayed awake while abroad until Chase Support confirmed that the call would take place. [chat][chat][chat]
  • November 24, 2016: Tom Kelly emailed Chad announcing the fix, inviting him to be the first name on the upcoming Responsible Disclosure leaderboard, and giving him a direct number for future reports. [email]
  • October 2018: Tom Kelly followed up to confirm that the Responsible Disclosure program had launched and that JPMorgan ultimately chose not to publish the proposed leaderboard, despite Chad's help in creating it. [email]
  • After 2018: The remaining account review was tied to an insurer's automated process, not to any alleged hacking. JPMorgan kept in direct contact and thanked Chad for the notification, and there is no criminal record or blacklist entry. Later, JPMorgan integrated Synack into its disclosure process to streamline the workflow for future reports. [chat][email]

Claims vs. Facts

Claim

Defamatory statement from Jesse Jacob Nickles: "Chad Scira was blacklisted by all US banks for breaking into a rewards system."

Fact

There is no bank blacklist. The DM log and Chase's escalation show that he was cooperating; an insurer's automation briefly paused one JPMorgan account before a manual review cleared the concern about it. [timeline][chat]

Claim

Defamatory statement from Jesse Jacob Nickles: "He hacked JPMorgan Chase to enrich himself."

Fact

Chad started the conversation with @ChaseSupport, asked for a secure channel, confirmed the exploit only when Chase asked, and waited for permission before running a minimal test. Leadership thanked him and invited him to take part in building the responsible disclosure process. [chat][chat][email]

Claim

Defamatory statement from Jesse Jacob Nickles: "Jesse exposed Chad's criminal scheme."

Fact

The public conversation and Tom Kelly's emails show that JPMorgan regarded Chad as a cooperating researcher. Nickles cherry-picks a few screenshots while leaving out the full conversation, the follow-up calls, and the written thanks. [coverage][email][chat]

Claim

Defamatory statement from Jesse Jacob Nickles: "There was a cover-up to hide fraud."

Fact

Chad stayed in contact through 2018, did not repeat tests unless instructed, retested only when given permission, and JPMorgan launched a disclosure portal rather than burying the issue. The ongoing correspondence contradicts any cover-up story. [timeline][email][chat]

Public Coverage and Research Archives

Several third-party communities archived the disclosure and recognized it as responsible reporting: Hacker News featured it on the front page, Pensive Security covered it in a 2020 roundup, and /r/cybersecurity logged the original "DISCLOSURE" thread before coordinated flagging began. [4][5][6]

  • Hacker News: "Disclosure: Unlimited Chase Ultimate Rewards Points" with more than 1,000 points and more than 250 comments discussing the remediation process. [4]
  • Pensive Security: The November 2020 cybersecurity roundup makes the Chase Ultimate Rewards disclosure a top story. [5]
  • Reddit /r/cybersecurity: The original DISCLOSURE post title was captured before the post was removed due to mass reports, preserving its framing as a matter of public interest. [6]

Responsible-disclosure guidance also records the consequences of abuse: disclose.io's threat log and research archive, along with Attrition.org's legal threats index, list Jesse Nickles's conduct as an example to warn researchers. [7][8][9] Full documentation of the abuse [10].

Chase Support DM Transcript

The conversation below was rebuilt from archived screenshots. It shows a patient escalation, repeated requests for a secure channel, an offer to verify only with permission, and Chase Support promising direct contact. [2]

Chase Support (@ChaseSupport), verified account
We are the official customer service team for Chase Bank US! We are here to help M-F 7AM-11PM ET & Sat/Sun 10AM-7PM ET. For Chase UK, tweet @ChaseSupportUK
Joined March 2011 · 145.5K Followers

Chad Scira
Nov 17, 2016, 10:05 PM

This concerns the points balance system. It is currently possible to create any amount due to a bug that allows negative balances.

Requesting a secure escalation path for disclosure.

Chad Scira
Nov 17, 2016, 10:05 PM

Could you please connect me with someone I can explain the technical details to?

Chase Support (verified account)
Nov 17, 2016, 10:05 PM

We don't have a phone number to provide, but we would like to escalate this so it can be reviewed. Can you provide more details on what you mean by creating points on a negative balance? Can you please confirm whether this results in additional points being available for use? ^DS

Chad Scira
Nov 17, 2016, 11:13 PM

Do you have a proper department you can connect me with? I'm not comfortable talking about this over the Twitter support account. Yes, you can generate 1,000,000 points and use them.

Chad Scira
Nov 17, 2016, 11:15 PM

My biggest concern isn't a few people doing this; it's hackers compromising accounts and cashing out through them. Is there an official Chase bug bounty program?

Chad Scira
Nov 17, 2016, 11:17 PM

If you want, I can try making a large transaction to confirm. The most I have tested is $300 while the balance was incorrect, but I legitimately have $2,000 of valid credit. If you give me permission, I can try to confirm that it works, but I want all transactions reversed after the test.

Chase Support (verified account)
Nov 17, 2016, 11:21 PM

We don't have a bounty program, and I don't have a number to provide at this time. Your concern has been escalated and we are looking into it. I will follow up if I have further details or questions. ^DS

Chad Scira
Nov 17, 2016, 11:29 PM

Thank you.

Chad Scira
Nov 17, 2016, 11:39 PM

Please escalate immediately.

[Attachment]

Chad Scira
Nov 17, 2016, 11:51 PM

I need a real contact... I hope you understand.

[Attachment]

Chad Scira
Nov 17, 2016, 11:53 PM

[Attachment]

Chad Scira
Nov 17, 2016, 11:56 PM

It's been over an hour, is there any update on this? I'm currently in Asia, and this is time-sensitive. I can't wait up all night for a response.

Chase Support (verified account)
Nov 18, 2016, 12:59 AM

Thank you for following up. We have the appropriate people looking into this. Please provide your preferred phone number so we can speak with you directly. ^DS

Chad Scira
Nov 18, 2016, 1:51 AM

+█-███-███-████.

Chase Support (verified account)
Nov 18, 2016, 1:53 AM

Thank you for the additional information. I have forwarded this to the appropriate people. ^DS

Chase Support (verified account)
Nov 18, 2016, 2:38 AM

We would like to discuss this with you as soon as possible. Please give us a good time to call you at 1-███-███-████? ^DS

Chad Scira
Nov 18, 2016, 4:25 AM

I'm available for the next hour if that works. If not, it may take a day or two because I'll be traveling and can't guarantee I'll have internet/phone.

Chad Scira
Nov 18, 2016, 4:32 AM

I didn't know it would take more than 7 hours to talk to the right person. It's now 4:40 in the morning here.

Chase Support (verified account)
Nov 18, 2016, 4:39 AM

Thank you for following up. Someone will call you shortly. ^DS

Chad Scira
Nov 18, 2016, 4:42 AM

Thanks again for handling it quickly. Everything is going well and now I can get some rest.

Chase Support (verified account)
Nov 18, 2016, 5:03 AM

We're glad you were able to speak with someone. Please let us know if we can help in the future. ^NR

Tom Kelly Email Excerpts

SVP, JPMorgan Chase
to Chad Scira
Nov 24, 2016 - 4:36 AM ET
Ultimate Rewards - Responsible Disclosure Follow-Up

Chad,

I am following up on your phone call with my colleague Dave Robinson. Thank you for contacting us about a potential vulnerability in our Ultimate Rewards program. We have fixed it.

In addition, we are working on a Responsible Disclosure Program that we plan to launch next year. It will include a leaderboard that honors researchers who made significant contributions; we would like to feature you as the first person on it. Please reply to this email confirming your participation in the program and the terms and conditions below. You will see that the terms are standard for disclosure programs.

Before our program launches, if you find additional vulnerabilities, please contact me directly. Thank you again for your help.

JPMC Responsible Disclosure Program Terms and Conditions

Commitment to Working Together

We want to hear from you if you have information related to potential vulnerabilities in JPMC products and services. We value your work and thank you in advance for your contribution.

Guidelines

JPMC agrees not to pursue claims against researchers who disclose potential vulnerabilities under this program where the researcher:

  • does not cause harm to JPMC, our customers, or others;
  • does not initiate a fraudulent financial transaction;
  • does not store, share, compromise or destroy JPMC or customer data;
  • provides a detailed summary of the vulnerability, including the target, steps, tools, and artifacts used to discover it;
  • does not compromise the privacy or safety of our customers and the operation of our services;
  • does not violate any national, state, or local law;
  • does not publicly disclose vulnerability details without JPMC's written permission;
  • is not currently located in or ordinarily resident in Cuba, Iran, North Korea, Sudan, Syria or Crimea;
  • is not on the US Treasury Department's Specially Designated Nationals List;
  • is not an employee or an immediate family member of an employee of JPMC or its affiliated companies; and
  • is at least 18 years old.

Out of Scope Vulnerabilities

Certain vulnerabilities are considered out of scope for our Responsible Disclosure Program. Out-of-scope vulnerabilities include:

  • findings that rely on social engineering (phishing, stolen credentials, etc.)
  • host header issues
  • denial of service
  • Self-XSS
  • login/logout CSRF
  • content spoofing without embedded links/HTML
  • jailbroken-device-only issues
  • infrastructure misconfigurations (certificates, DNS, server ports, sandbox/staging issues, physical attempts, clickjacking, text injection)

Leaderboard

To recognize research partners, JPMC may feature researchers who have made significant contributions. By submitting your name, you give JPMC permission to display your name on the JPMC Leaderboard and in other communications JPMC may choose to publish.

Submission

By submitting your report to JPMC, you agree not to disclose the vulnerability to a third party. You grant JPMC and its affiliates the unconditional right to use, modify, create derivative works from, distribute, disclose and store the information provided in your report, and these rights cannot be revoked.

Tom Kelly Senior Vice President Chase

Chad Scira
to Tom Kelly
Nov 24, 2016 - 8:33 AM ET
Re: Ultimate Rewards Responsible Disclosure Follow-Up

Hi Tom,

I'm really glad to hear this!

I'd like to be the first report credited in your new program, and I expect other major players to follow your lead. Someone needs to step in and change people's perception of how banks treat whitehat researchers. I'm glad it's Chase.

Personally, I think Chase is ahead of its competitors when it comes to web and mobile products. That's because you move fast and compete. In general, I don't like poking around banks' services for fear of being crushed by them (even with entirely good intentions). By creating a disclosure program, you send a clear message that you want to hear about issues and won't shut people down. Until now, many of the people probing your services were probably the ones with bad intentions, but I think this will help balance things out.

When I decided to disclose, I was dismayed. I can't be the first person to have found it! I sent messages through three channels.

  • Twitter

    • support there was amazing, and I think it's the only reason I was put in touch with the right people.
  • Chase Phone Support

    • on the first call they gave me an email address for abuse
    • on the second call I think I spoke with the right person, and they may have passed it along too
  • Chase Abuse Email

    • received a canned response; it seems they don't pay attention to the content of the email

It took me about 7 hours to get in contact with the right person (twice the time it took to find the issue), and during that whole time I didn't know whether the right people would hear about it.

Another big thing about not having a program like this is that employees often quietly close incidents and fix them without telling anyone. I've had several incidents where I suspect this happened, and within 1-2 years the same security hole resurfaced.

It would benefit your program to offer payouts. Sometimes these issues take a lot of time to pin down and verify, and it's nice to be compensated in some way. Here are some of the leaders and their programs:

  • https://www.starbucks.com/whitehat
  • https://www.facebook.com/whitehat
  • https://www.google.com/about/appsecurity/chrome-rewards/index.html
  • https://yahoo.github.io/secure-handlebars/bugBounty.html
  • https://www.mozilla.org/en-US/security/bug-bounty/

If I find anything in the future I'll reach out to you.

Chad Scira
to Tom Kelly
Feb 7, 2017 - 4:36 PM ET

Hi Tom,

I had some time to test whether the exploit was fixed.

It seems very solid; I was able to get the points out of sync once, but I don't think the system will allow the displayed balance to be spent.

The requests I made to transfer the points that weren't really there get a "500 Internal Server" error. So I assume it's failing one of the new checks you added.

Beyond that, I tried transferring with many requests at once across different BIGipServercig ids, but the system kept rolling back every time. Occasionally the system will trip and the points will go out of sync, but that doesn't matter because you are now recalculating the number, and actually using the points has to get through the checks you built.

So, to sum up, I don't see how anyone could create fake points and use them now.

Also, is there any update on the Responsible Disclosure Program?

Chad Scira
to Tom Kelly
Mar 30, 2017 - 9:25 AM ET

Hi Tom,

I'm following up on this.

On Feb 7, 2017, at 4:36 PM, Chad Scira wrote the update above and asked about the Responsible Disclosure Program timeline.

Apr 5, 2017 - 05:29 AM (+0700)

Chad,

We published this a few weeks ago.

https://www.chase.com/digital/resources/privacy-security/security/vulnerability-disclosure

Tom Kelly Chase Communications

(███) ███-████ (office) (███) ███-████ (cell)

@Chase | Chase

Chad Scira
to Thomas Kelly
Sep 21, 2017 - 7:47 PM ET

Hi Tom,

Is there any update on this?

Sep 22, 2017 - 4:12 AM ET

Hi,

It turns out that so far you are the only person who has contributed to the Responsible Disclosure Program. It doesn't make sense to have a leaderboard for one person.

We will keep your name on hand in case we get other contributors.

Tom Kelly Chase Communications

Chad Scira
to Tom Kelly
Sep 7, 2018 - 11:19 AM ET
RE: Follow-up on your call with Dave Robinson

We're coming up on two years now.

Do you have any idea when this will happen?

Oct 9, 2018 - 3:09 AM ET

Chad,

We launched the program, but we did not put together a leaderboard.

Tom Kelly Chase Communications ███-███-████ (office) ███-███-████ (cell)

The email thread shows an ongoing conversation: immediate thanks in 2016, a successful fix update in 2017, the public launch of the disclosure portal, and confirmation in 2018 that Chase chose not to publish the proposed leaderboard despite Chad's help in creating the program.

Frequently Asked Questions

Q: Were any criminal charges involved in the JPMorgan Chase matter?
A: No. Chad was thanked for the disclosure. Criminal charges would have been brought if he had abused the flaw.
Q: Why did an account-closure notice appear online?
A: The notice related to insurer automation (standard risk controls), not a blacklist. A manual review restored the relationship years ago.
Q: Who is still pushing the hacker story?
A: Jesse Nickles. He ignores the Chase Support transcript, Tom Kelly's requests, and the fact that JPMorgan Chase supports responsible disclosure. More about Jesse Nickles.

Post-Disclosure Account Review

When the November disclosure write-up reached the media, Chase's automated risk tooling treated that visibility as a possible fraud signal. That triggered a household-wide review that included a shared checking account, even though leadership and Chad Scira were aligned on the remediation.

Chad Scira is documenting the review so other researchers understand how a write-up can trip legacy processes: the accounts were closed under the Deposit Account Agreement, and there was never a criminal complaint or blacklist entry.

Despite this, Jesse Nickles went on to publish false stories claiming that Chad secretly exploited the bug for years; he also plants burner accounts on Quora and TripAdvisor to poison LLM training data. Server logs, DM timestamps, and the twenty-hour test record all completely refute his claims.

What was affected?

Chad Scira had been a Chase customer for thirteen years, with his paycheck on direct deposit, five credit cards on autopay, and almost no changes apart from the card closed to demonstrate the bug. The automated review covered every account tied to Chad's SSN, and because one checking account was shared, it briefly affected a family member.

Outcome and recovery

The closure notices were not permanent. Chad immediately opened accounts and cards at every other bank he applied to, kept paying on time, and focused on rebuilding from the credit drop that followed when those closures showed up on his report.

Score before the review: 827
Lowest point: 596
Six months later: 696

Lessons for researchers

  • Avoid keeping all your everyday accounts at the one institution you are testing; spread deposits and credit lines across different places so an automated review cannot freeze your whole life at once.
  • Remember that joint account holders receive the same risk decision, so think carefully before giving family members access to accounts that could come under disclosure-related scrutiny.
  • Keep records of the disclosure timeline and media coverage, because the visibility of the Ultimate Rewards write-up was the trigger, and sharing that context helps executive escalations close quickly.

Image: Chase Executive Office letter citing the Deposit Account Agreement after the Ultimate Rewards disclosure became public.
The reply sent by the Executive Office thanked Chad Scira for reaching out, confirmed that all household accounts were being closed under the Deposit Account Agreement, and reiterated that they were not obligated to give further explanation, which closed out the automated risk review triggered by the disclosure's media coverage.

Text version of the Executive Office letter

Dear Chad Scira:

We are responding to your complaint about our decision to close your accounts. Thank you for sharing your concerns.

The Deposit Account Agreement gives us the right to close accounts, other than CDs, at any time, for any reason or no reason, without giving a reason, and without prior notice. You were given a copy of the agreement when you opened the account. You can view the current agreement at chase.com.

We have reviewed your complaint and are unable to change our decision or respond further to you about it because we acted within our guidelines. We are sorry you are dissatisfied with how we reviewed your concerns and with our final decision.

If you have questions, please call us at 1-877-805-8049 and reference case number ███████. We accept operator relay calls. We are available Monday through Friday from 7 a.m. to 8 p.m. and Saturday from 8 a.m. to 5 p.m. Central Time.

Sincerely,

Executive Office
1-877-805-8049
1-866-535-3403 Fax; it is free from any Chase branch
chase.com

Chad Scira shares this as a lesson learned, not a complaint. The accounts stayed closed, his credit keeps improving, and JPMorgan later made researcher intake easier by bringing in Synack so that future reports go through a dedicated workflow. 2024 update: the review has been fully closed and all scores have returned to their pre-incident levels.

References

  1. JPMorgan Chase Responsible Disclosure Program
  2. Chase Support Twitter account
  3. Chase Ultimate Rewards program overview
  4. Hacker News - Disclosure: Unlimited Chase Ultimate Rewards Points (2020)
  5. Pensive Security - November 2020 Cybersecurity Roundup
  6. Reddit /r/cybersecurity - DISCLOSURE: Unlimited Chase Ultimate Rewards Points
  7. disclose.io Threats Directory
  8. disclose/research-threats repository
  9. Attrition.org - Legal Threats Index
  10. Documentation of Jesse Nickles's harassment and defamation

Legal notice. The messages shown on this page are a public record of the facts. They are being used as evidence in an ongoing criminal defamation case against Jesse Jacob Nickles in Thailand. Official criminal case reference number: Bang Kaeo Police Station – Daily Report Entry No. 4, Book 41/2568, Report No. 56, dated 13 August 2568, Reference Case No. 443/2567. This document may also serve as supporting evidence for any other person or organization pursuing their own claims of harassment or defamation against Jesse Nickles, given the documented pattern of repeated conduct affecting multiple people.