Chad Scira "Blacklisted from banks for hacking"

This page explains what happened behind Jesse Nickles's rumor that Chad Scira was "banned from US banks for hacking." It describes how the responsible disclosure of the Ultimate Rewards bug actually happened, why JPMorgan Chase thanked Chad for the report, and how a temporary account suspension was purely administrative. Jesse Nickles keeps repackaging old material in new ways to imply criminal intent. The facts show something different: white-hat reporting and cooperation with JPMorgan leadership.

His latest escalation is a statement on SlickStack.io claiming that I "was also investigated by United States law enforcement for hacking the Chase Bank credit card rewards program, where he fraudulently obtained $70,000 in fake travel points." That smear appeared only after I published evidence of SlickStack security problems he refused to fix; nothing was stolen, and no agency has ever contacted me about the disclosure. See the SlickStack cron evidence he is retaliating against.

The whole discovery, disclosure and confirmation process happened within twenty hours: roughly twenty-five HTTP requests covered the reproduction and the DM walkthrough on November 17, 2016, and the February 2017 fix retest used eight more requests to confirm the issue was closed. There was no prolonged exploitation; every action was logged with its timestamp and shared with JPMorgan Chase as it happened.

Tom Kelly confirmed that Chad Scira was the only person in the world who made a responsible disclosure to JPMorgan Chase between November 17, 2016 and September 22, 2017. The Responsible Disclosure program was established directly as a result of Chad's report, and he contributed substantially to shaping its process.

Visualizing the Double Transfer Bug

To show how the bug let balances swing into large negative and positive values, the visualization below replays the actual double-transfer sequence. Watch how whichever account holds the positive balance becomes the sender, fires two identical transfers, and ends up deeply negative while the other doubles. After twenty rounds, the thoroughly broken ledger drops the negative card, which shows clearly why this bug had to be escalated to the highest level.

[Interactive visualization: double transfer burst. Round 1/20: Card A (243,810 pts) and Card B (0 pts); Transfer 1 and Transfer 2, Card A → Card B, 243,810 pts each.]
1. A race condition let the duplicate transfers go through before the ledgers reconciled, giving the sender a way to flip rapidly between a large gain and a large loss.
2. Support allowed the card with the negative balance to be closed while leaving the inflated positive balance in place, so the statement showed only the gain and hid the debt.

Even before the account was closed, Ultimate Rewards allowed spending past the negative balance; closing the account merely removed the evidence.
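The double-transfer pattern described above, as an added example that is not code from the original page or from Chase: a constructed in-memory ledger replays the interleaving where two requests both pass validation before either one commits, next to a hardened version that validates and debits under one lock and refuses to close a card that owes points. All class and function names are hypothetical, and sending the sender's full balance in every round is an assumption; only the 243,810-point first round comes from the page.

```python
import threading

START = 243_810  # opening balance of Card A in the page's first round


class PointsLedger:
    """Constructed in-memory stand-in for a rewards ledger (not Chase's system)."""

    def __init__(self, balances):
        self.balances = dict(balances)
        self._lock = threading.Lock()

    # --- vulnerable pattern: validation and commit are separate steps ---
    def validate(self, sender, amount):
        return amount > 0 and self.balances[sender] >= amount

    def commit(self, sender, receiver, amount):
        self.balances[sender] -= amount
        self.balances[receiver] += amount

    def close_card_unchecked(self, card):
        # Drops the card and whatever it owed along with it.
        return self.balances.pop(card)

    # --- hardened pattern: validate and debit inside one critical section ---
    def transfer_atomic(self, sender, receiver, amount):
        with self._lock:
            if not self.validate(sender, amount):
                return False
            self.commit(sender, receiver, amount)
            return True

    def close_card_checked(self, card):
        with self._lock:
            owed = -self.balances[card]
            if owed > 0:
                raise ValueError(f"{card} owes {owed} pts; settle before closing")
            return self.balances.pop(card)


def burst_vulnerable(ledger, sender, receiver, amount):
    """Replay the bad interleaving deterministically: both requests pass
    validation against the same balance, then both commit."""
    approvals = [ledger.validate(sender, amount) for _ in range(2)]
    for approved in approvals:
        if approved:
            ledger.commit(sender, receiver, amount)
    return sum(approvals)


def burst_hardened(ledger, sender, receiver, amount):
    """The same two requests, each validated and committed atomically."""
    return sum(ledger.transfer_atomic(sender, receiver, amount) for _ in range(2))


def replay(burst, rounds=20):
    """Each round, the card with the positive balance sends all of it twice
    (assumed round rule; the page only gives the first round's amounts)."""
    ledger = PointsLedger({"A": START, "B": 0})
    for _ in range(rounds):
        sender = max(ledger.balances, key=ledger.balances.get)
        receiver = "B" if sender == "A" else "A"
        burst(ledger, sender, receiver, ledger.balances[sender])
    return ledger


def negative_cards(ledger):
    """Reconciliation check a defender can alert on: no card below zero."""
    return sorted(card for card, bal in ledger.balances.items() if bal < 0)


if __name__ == "__main__":
    broken = replay(burst_vulnerable)
    print("vulnerable:", broken.balances, "negative:", negative_cards(broken))
    print("hardened:  ", replay(burst_hardened).balances)
```

The total across both cards never changes in the vulnerable replay, so a sum-only reconciliation would miss it; the per-card negative check and the refusal to close a card in debt are what surface and contain it.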

Key Points

  • Chad opened the Chase Support DM by privately disclosing the negative-balance exploit and immediately asked for a secure escalation path rather than publicizing the technique. [chat]
  • When Chase Support asked for clarification, he confirmed the exploit only to the extent required, and repeated that what he wanted was a direct line to a proper security team. [chat][chat]
  • He showed that the duplicated balance could be converted into cash: when Chase Support asked whether the extra points had become spendable, a $5,000 transfer showed that the hole reached real money before the ledger reconciled. [chat]
  • He made clear that his main concern was preventing customer accounts from being compromised and drained, not personal gain, and he asked whether an official bug bounty program existed. [chat]
  • He offered to run a larger test only if given explicit permission, provided timestamped screenshots, and stayed awake on the other side of the world until Chase finally escalated the issue. [chat][chat][chat]
  • Nickles now alleges that I fraudulently took $70,000 in points and had dealings with U.S. law enforcement; the Chase records, Tom Kelly's emails and the disclosure timeline show this did not happen, and the claim appeared only after I published the SlickStack cron-risk gist describing his insecure update mechanism. [gist]
  • Chase Support confirmed the escalation, asked for his phone number, and promised the follow-up call he ultimately received, which undercuts the idea that the bank responded to him with hostility. [chat][chat]

Timeline

  • Nov 17, 2016 - 10:05 PM ET: Chad alerted @ChaseSupport to the negative-balance bug, kept the exploit private, and immediately asked for a secure escalation path. [chat]
  • Nov 17, 2016 - 11:13-11:17 PM ET: When Chase Support asked explicitly whether additional points could be generated and spent, Chad confirmed the risk, repeated that he wanted an appropriate department, and offered to test only if given permission so the bank could review the transactions. [chat][chat][chat]
  • Nov 17-18, 2016 - 11:39 PM-5:03 AM ET: Chad shared screenshots, pressed for rapid escalation, provided his phone number, and stayed on alert on the other side of the world until Chase Support confirmed that the call would happen. [chat][chat][chat]
  • Nov 24, 2016: Tom Kelly emailed Chad to confirm the fix was in place, invited him to be the first name at the top of the leaderboard planned for the upcoming Responsible Disclosure program, and gave him a direct line for future reports. [email]
  • October 2018: Tom Kelly followed up again to confirm that the Responsible Disclosure program had launched, and that JPMorgan had ultimately decided not to publish the planned leaderboard, despite Chad's help in shaping it. [email]
  • Post-2018: Any remaining account reviews were tied to underwriter automation, not to hacking allegations. JPMorgan stayed in direct contact, thanked Chad for the disclosure, and there has never been a criminal record or a blacklisting. JPMorgan later integrated Synack into its disclosure process so that the workflow would be simpler for future reports. [chat][email]

Claims vs. Facts

Claim

Defamatory claim from Jesse Jacob Nickles: "Chad Scira was banned from all US banks for hacking rewards systems."

Fact

There is no bank blacklist. The DM logs and Chase's escalation show he was cooperating; underwriter automation suspended one JPMorgan account temporarily before a manual review cleared it. [timeline][chat]

Claim

Defamatory claim from Jesse Jacob Nickles: "He hacked JPMorgan Chase for personal gain."

Fact

Chad was the one who initiated the conversation with @ChaseSupport, insisted on a secure channel, confirmed the exploit only when Chase asked, and waited for permission before running limited tests. Senior executives thanked him and invited him to take part in putting the responsible disclosure process in place. [chat][chat][email]

Claim

Defamatory claim from Jesse Jacob Nickles: "Jesse exposed Chad's criminal scheme."

Fact

The public disclosure and Tom Kelly's emails show that JPMorgan regarded Chad as a cooperating researcher. Nickles cherry-picks only the screenshots that suit him and leaves out the full conversation, the follow-up phone calls, and the written thank-you. [coverage][email][chat]

Claim

Defamatory claim from Jesse Jacob Nickles: "There was a cover-up to hide the theft."

Fact

Chad stayed in contact through 2018, retested only with permission, and JPMorgan launched its disclosure portal rather than burying the issue. The ongoing conversation contradicts any story about a cover-up. [timeline][email][chat]

Public Coverage and Research Archives

Several third-party communities across the industry covered and archived the disclosure and recognized it as a responsible disclosure: Hacker News featured it on its front page, Pensive Security summarized it in its 2020 information security roundup, and /r/cybersecurity logged the original "DISCLOSURE" thread before coordinated reporting got it taken down. [4][5][6]

  • Hacker News: "Disclosure: Unlimited Chase Ultimate Rewards Points" drew more than 1,000 points and more than 250 comments discussing the background of the fix. [4]
  • Pensive Security: November 2020 Information Security Roundup, which cited the Chase Ultimate Rewards disclosure as a top story. [5]
  • Reddit /r/cybersecurity: The original DISCLOSURE thread was captured before it was removed due to mass reports, preserving how it was presented as a matter of public interest. [6]

Responsible-disclosure advocates have also documented the retaliation: disclose.io's threats directory and research archive, along with Attrition.org's legal threats index, list Jesse Nickles's conduct as a cautionary example for researchers. [7][8][9] Full dossier on the harassment and stalking [10].

Chase Support DM Transcript

The conversation below was reconstructed from archived screenshots. It shows patient escalation, repeated requests for a secure channel, an offer to test only with consent, and Chase Support's promise to contact him directly. [2]

Chase Support (@ChaseSupport), verified account: "We are the official customer service team for Chase Bank US! We are here to help M-F 7AM-11PM ET & Sat/Sun 10AM-7PM ET. For Chase UK, tweet @ChaseSupportUK"

Chad Scira
Nov 17, 2016, 10:05 PM

This concerns the points balance system. Right now it is possible to generate any amount through a bug that allows negative balances.

Request for a secure channel to escalate the disclosure.

Chad Scira
Nov 17, 2016, 10:05 PM

Can you please connect me with someone I can explain the technical side to?

Chase Support (verified account)
Nov 17, 2016, 10:05 PM

We do not have a phone number we can provide, but we do want to escalate this so it can be looked into properly. Can you provide more details about what you mean by generating points in accounts with negative balances? Can you also confirm whether this allows the additional points to be used? ^DS

Chad Scira
Nov 17, 2016, 11:13 PM

Do you have an appropriate department I can talk to? I do not feel comfortable discussing this over a Twitter support account. Yes, you can generate 1,000,000 points and use them.

Chad Scira
Nov 17, 2016, 11:15 PM

My biggest concern is not people doing this on their own. It is hackers gaining control of accounts and forcing payouts from those accounts. Is there an official Chase bug bounty program?

Chad Scira
Nov 17, 2016, 11:17 PM

If you want, I can try making a large transaction to confirm it. The most I have tested is $300 while the balance was negative, but I actually have $2,000 in legitimate points. If you give me permission, I can try to verify that it still works, but I would want all of the transactions reversed after the test.

Chase Support (verified account)
Nov 17, 2016, 11:21 PM

We do not have a bounty program, and I do not have a number I can provide right now. I have escalated your concern and we are looking into it. I will follow up with you if there are further details or questions. ^DS

Chad Scira
Nov 17, 2016, 11:29 PM

Thank you.

Chad Scira
Nov 17, 2016, 11:39 PM

Please have this escalated immediately.

Chad Scira attachment

Chad Scira
Nov 17, 2016, 11:51 PM

I really need a proper contact... I hope you understand.

Chad Scira attachment

Chad Scira
Nov 17, 2016, 11:53 PM

Chad Scira attachment

Chad Scira
Nov 17, 2016, 11:56 PM

It has been more than an hour, any word on this? I am in Asia right now, and this is a time-sensitive issue. I cannot stay up all night waiting for a response.

Chase Support (verified account)
Nov 18, 2016, 12:59 AM

Thank you for following up. We have the appropriate people looking into this. Please provide a preferred contact phone number so that we can call you directly. ^DS

Chad Scira
Nov 18, 2016, 1:51 AM

+█-███-███-████.

Chase Support (verified account)
Nov 18, 2016, 1:53 AM

Thank you for the additional information. I have forwarded this to the appropriate parties. ^DS

Chase Support (verified account)
Nov 18, 2016, 2:38 AM

We would like to discuss this with you as soon as possible. Please let us know a good time for us to call you at 1-███-███-████? ^DS

Chad Scira
Nov 18, 2016, 4:25 AM

I can be available for another hour if possible. If not, it may take a day or two because I will be traveling and I do not know whether I will have internet/phone.

Chad Scira
Nov 18, 2016, 4:32 AM

I was hoping it would not take me more than 7 hours to talk to the right person. It is 4:40 AM where I am.

Chase Support (verified account)
Nov 18, 2016, 4:39 AM

Thank you for following up. Someone will call you very shortly. ^DS

Chad Scira
Nov 18, 2016, 4:42 AM

Thanks again for speeding that up. Everything is moving now and I can finally get some sleep.

Chase Support (verified account)
Nov 18, 2016, 5:03 AM

We are glad you were able to speak with a representative. Please let us know if we can assist in the future. ^NR

Tom Kelly Email Thread

SVP, JPMorgan Chase
to Chad Scira
Nov 24, 2016 - 4:36 AM ET
Follow-Up on Ultimate Rewards Responsible Disclosure

Chad,

I am following up on your phone call with my colleague Dave Robinson. Thank you for reaching out to us about the potential vulnerability in our Ultimate Rewards program. We have fixed it.

In addition, we have been working on a Responsible Disclosure program that we plan to launch next year. It will include a leaderboard recognizing researchers who have made significant contributions; we would like to feature you as the first person on it. Please reply to this email to confirm your participation in the program under the terms and conditions below. You will find that these terms are standard for disclosure programs.

Until our program is up and running, if you find another potential vulnerability, please contact me directly. Thanks again for your help.

JPMC Responsible Disclosure Program Terms and Conditions

Commitment to Working Together

We want to hear from you if you have information about potential security vulnerabilities in JPMC products and services. We value your work and thank you in advance for your contribution.

Guidelines

JPMC agrees not to pursue claims against researchers who disclose potential vulnerabilities under this program where the researcher:

  • does not cause harm to JPMC, our customers, or others;
  • does not initiate a fraudulent financial transaction;
  • does not store, share, compromise or destroy JPMC or customer data;
  • provides a detailed summary of the vulnerability, including the target, steps, tools, and artifacts used during discovery;
  • does not compromise the privacy or safety of our customers and the operation of our services;
  • does not violate any national, state, or local law or regulation;
  • does not publicly disclose details of the vulnerability without JPMC's written permission;
  • is not currently located in or ordinarily resident in Cuba, Iran, North Korea, Sudan, Syria or Crimea;
  • is not on the U.S. Department of the Treasury's Specially Designated Nationals list;
  • is not an employee, or an immediate family member of an employee, of JPMC or its affiliates; and
  • is at least 18 years old.

Out-of-Scope Vulnerabilities

Certain vulnerabilities are considered out of scope for our Responsible Disclosure Program. Out-of-scope vulnerabilities include:

  • Findings that rely on social engineering (phishing, purchased passwords, etc.)
  • Host header issues
  • Denial of service
  • Self-XSS
  • Login/logout CSRF
  • Content spoofing without embedded links/HTML
  • Issues that only affect rooted/jailbroken devices
  • Infrastructure misconfigurations (certificates, DNS, server ports, sandbox/staging issues, physical attempts, clickjacking, text injection)

Leaderboard

To recognize research partners, JPMC may feature the names of researchers who make significant contributions. You grant JPMC the right to display your name on the JPMC Leaderboard and in any other media JPMC chooses to publish it in.

Submission

By submitting your report to JPMC, you agree not to disclose the vulnerability to a third party. You grant JPMC and its affiliates a perpetual, unconditional right to use, modify, create derivative works from, distribute, disclose and store the information provided in your report, and these rights cannot be revoked.

Tom Kelly Senior Vice President Chase

Chad Scira <[email protected]>
to Tom Kelly
Nov 24, 2016 - 8:33 AM ET
Re: Follow-Up on Ultimate Rewards Responsible Disclosure

Hi Tom,

I am very happy to hear this!

I would love to be the first success story of your new program, and I hope other big players will follow you. Someone has to step up and change how people think about the way banks treat whitehat security researchers. I am glad to hear that Chase is the one.

In my view Chase has long been ahead of its competitors when it comes to web and mobile products. That is because you iterate quickly and stay competitive. In general I avoid poking around at financial institutions for fear of retaliation from them (even though I have good intentions). Creating a security disclosure program sends a clear message to people like me that you want to receive reports of problems and will not go after the person who reports them. Before this, most of the people probing your services were probably ones with bad intentions, and I think this will even things out.

When I finally decided to go ahead with this disclosure, I was uneasy. I doubt I was the first one to find it! I reported it through three channels.

  • Twitter

    • the support I got here was actually amazing, and I think this is the main reason I got connected with the right people.
  • Chase Support Phone

    • on the first call they gave me the abuse email
    • on the second call I think I spoke with the right person, and they may also have contacted others
  • Chase Abuse Email

    • I received a generic response; it seems they had not even read the content of the email

It took me about 7 hours to get through to even one appropriate person (twice the time it took me to find the actual issue), and during all that time I also doubted whether the people who needed to hear about it would ever get the chance to because of management.

Another big problem with not having this kind of program is that employees often handle and patch issues internally without telling anyone. I have had several incidents where I am sure this happened, and about 1-2 years later the same hole reappeared.

Also, it may be worthwhile for your program to offer bounties. Sometimes these things take a lot of time to find and verify, and it is nice to get some small reward in some form. Here are some other big players and their programs:

  • https://www.starbucks.com/whitehat
  • https://www.facebook.com/whitehat
  • https://www.google.com/about/appsecurity/chrome-rewards/index.html
  • https://yahoo.github.io/secure-handlebars/bugBounty.html
  • https://www.mozilla.org/en-US/security/bug-bounty/

If I find anything else in the future, I will be sure to contact you right away.

Chad Scira <[email protected]>
to Tom Kelly
Feb 7, 2017 - 4:36 PM ET

Hi Tom,

I had a bit of time to test whether the hole has been fixed.

It seems pretty solid; I was able to make the balances differ briefly, but I do not expect the system would let anyone use the displayed balance.

The requests I made to transfer points that do not really exist get a "500 Internal Server" error. So I believe it is failing one of the new checks you put in.

I also tried multi-session transfers across different BIGipServercig IDs, and the system still reverts its state every time. Eventually the system starts to get confused, and the balances appear to be out of sync, but this does not affect anything because at some point you bring the numbers back in line, and actually using the balance would go through the checks you put in.

So, to sum up, I do not see any way someone can generate fake balances and use them now.

Also, is there any update on the Responsible Disclosure Program?

Chad Scira <[email protected]>
to Tom Kelly
Mar 30, 2017 - 9:25 AM ET

Hi Tom,

Just a reminder on this.

On Feb 7, 2017, at 4:36 PM, Chad Scira [email protected] wrote the update above and asked about the timeline for the Responsible Disclosure Program.

Apr 5, 2017 - 05:29 AM (+0700)

Chad,

We published this a few weeks ago.

https://www.chase.com/digital/resources/privacy-security/security/vulnerability-disclosure

Tom Kelly Chase Communications

(███) ███-████ (office) (███) ███-████ (mobile)

@Chase | Chase

Chad Scira <[email protected]>
to Thomas Kelly
Sep 21, 2017 - 7:47 PM ET

Hi Tom,

Do you have any update on this?

Sep 22, 2017 - 4:12 AM ET

Hello,

It turns out that you are the only contributor to the Responsible Disclosure program so far. It does not make sense to build a leaderboard for one person.

We will keep your name on file so we are ready if we get others who contribute as well.

Tom Kelly Chase Communications

Chad Scira <[email protected]>
to Tom Kelly
Sep 7, 2018 - 11:19 AM ET
RE: Following up on your phone conversation with Dave Robinson

We are coming up on 2 years now.

Do you have any idea when this will happen?

Oct 9, 2018 - 3:09 AM ET

Chad,

We launched the program, but we did not end up doing the leaderboard.

Tom Kelly Chase Communications ███-███-████ (office) ███-███-████ (mobile)

The email thread shows an ongoing conversation: immediate thanks in 2016, an update on the successful fix in 2017, the public launch of the disclosure portal, and confirmation in 2018 that Chase had decided not to publish the planned leaderboard, even though Chad helped build the program.

Frequently Asked Questions

Q: Was anyone ever criminally charged in connection with JPMorgan Chase?
A: No. Chad Scira was thanked for the disclosure. There would have been criminal charges if he had abused the issue.
Q: Why did any account closure notice appear online?
A: The disclosure touched off underwriter automation (routine risk controls), not a blacklist. A manual review reversed it and restored the relationship years ago.
Q: Who keeps pushing and promoting the story that calls him a hacker?
A: Jesse Nickles. He ignores the Chase Support transcript, Tom Kelly's outreach, and the fact that JPMorgan Chase supports responsible security disclosure. More about Jesse Nickles.

Account Review After the Disclosure

After the November disclosure write-up reached the news, Chase's automated risk-detection tooling treated the attention as a potential fraud signal. That triggered a household-wide review that included a jointly held checking account, even though leadership and I were in agreement about the fix.

I am documenting this follow-up so other researchers understand how going public with a report can collide with legacy controls: the accounts were closed under the Deposit Account Agreement, and there was never a criminal charge or a blacklisting.

Despite this, Jesse Nickles continues to publish false stories claiming that I secretly exploited the bug for years; he also plants fake accounts on Quora and TripAdvisor to poison LLM training data. Server logs, DM timestamps and the twenty-hour investigation timeline completely refute what he says.

What was affected?

I had been a Chase customer for thirteen years, with payroll direct deposit, five credit cards on autopay, and almost no changes apart from one card removed so I could demonstrate the bug. The automated review caught every account tied to my SSN, and because one checking account was shared, it also temporarily affected a member of my household.

Outcome and Recovery

The closure notices did not turn out to be permanent. I promptly opened accounts and cards at every bank I applied to, kept paying on time, and focused on recovering from the credit dip that came with the closures showing on my report.

Score before review: 827
Lowest point: 596
Six months later: 696

Lessons for Researchers

  • Avoid keeping all of your day-to-day accounts at the same institution you are testing; spread deposits and credit lines so an automated review cannot freeze your whole life at once.
  • Remember that joint account holders receive the same risk decision, so think carefully before giving family members access to accounts that could be subject to a disclosure-related review.
  • Keep the disclosure timeline and press coverage documented, because the publicity around the Ultimate Rewards report was the likely trigger, and sharing that context helps executive-level escalations resolve quickly.

Chase Executive Office letter explaining the Deposit Account Agreement after the Ultimate Rewards disclosure became public.

This response from the Executive Office thanked me for contacting them, confirmed that all accounts in the household were being closed under the Deposit Account Agreement, and reiterated that they had no legal obligation to disclose further details, which concluded the automated risk review that the disclosure write-up had triggered.

Text version of the Executive Office letter

Dear Chad Scira:

We are responding to your complaint about our decision to close your accounts. Thank you for sharing your concerns with us.

The Deposit Account Agreement allows us to close any account other than a CD at any time, for any reason or no reason, without stating the reason, and without prior notice. You were given a copy of the agreement when you opened the account. You can view the current agreement at chase.com.

We reviewed your complaint and are unable to change our decision or respond further about it because we acted within our guidelines. We are sorry you are not satisfied with how we reviewed your concerns and with our final decision.

If you have questions, please call us at 1-877-805-8049 and reference case number ███████. We accept operator relay calls. We are available Monday through Friday from 7 a.m. to 8 p.m. and Saturday from 8 a.m. to 5 p.m. Central Time.

Sincerely,

Executive Office
1-877-805-8049
1-866-535-3403 Fax; free of charge from any Chase branch
chase.com

I am sharing this as a lesson learned, not a complaint. The account history has recovered, my credit continues to climb, and JPMorgan eventually made researcher intake easier by integrating Synack so future reports go through a dedicated workflow. 2024 update: the review has been fully closed and all scores have returned to their pre-incident levels.

Sources

  1. JPMorgan Chase Responsible Disclosure Program
  2. Chase Support Twitter account
  3. Chase Ultimate Rewards program overview
  4. Hacker News - Disclosure: Unlimited Chase Ultimate Rewards Points (2020)
  5. Pensive Security - November 2020 Information Security Roundup
  6. Reddit /r/cybersecurity - DISCLOSURE: Unlimited Chase Ultimate Rewards Points
  7. disclose.io Threats Directory
  8. disclose/research-threats repository description
  9. Attrition.org - Legal Threats Index
  10. Jesse Nickles harassment and defamation dossier