United Airlines Launches Half-Ass Bug Bounty

Published On May 18, 2015 | By Tom Huskerson | News and Analysis

united-airlines-sues-22-year-old-for-beating-the-system-image-1

 

United airlines no doubt has Sometimes the best intentions are only half the job. United Airlines launched a bug bounty to find holes in its computer systems. The idea is to get well meaning security researchers and hackers to find the security flaws in their system before the evil hackers do. The reward for finding the flaws could be as much as one million frequent flyer miles. United Airlines is joining a growing number of companies offering rewards for reports of security vulnerabilities.

United produced a list of systems eligible for the reward. They encourage security researchers and hackers to attack the following websites, United.com, beta.united.com and mobile.united.com; the United app; and other third-party applications loaded by united.com or other online properties. All these systems sell tickets and protect customer and company data. But not your life.

Researchers and hackers won’t make any money on the deal. United is only offering award miles for finding the vulnerabilities. For small flaws they offer as much as 50,000 miles up to one million miles for major ones. United, being United, requires participants be members of, or join, their MileagePlus loyalty program to collect.

Here’s the the problem; researchers and hackers hunting for the bugs cannot test aircraft or aircraft systems, including inflight entertainment and Wi-Fi, or conduct vulnerability scans of United servers.

Hopefully United’s position is not that it would not consider such vulnerabilities as being serious, but rather they are loath to having researchers attempting to find flaws in a plane that’s flying at 30,000 ft,” wrote Graham Cluley, an independent security consultant, in a blog post.

 

Breaking It Down

Someone should tell United Airlines this is a half-ass attempt to show they are pro-active in protecting their systems. But is certainly not of any comfort to the people who are sitting in the seats. United could have scored a major public relations coup by stating they had employed researchers to secure their planes against cyber attack or in-flight hacking. Instead it appears that they have decided to protect the systems that generate profits and not lives. Sad. Maybe United has a plan or action in place to do this. I don’t know so I can’t say they don’t. But it would be re-assuring to passengers if they did talk about it. Aviation security spreads the responsibility around to everyone including the passengers. So if you see something say something. United is not taking their responsibility seriously. They aren’t even dishing out any cash. Instead they are offering frequent flyer miles. In the mean time Malaysian Flight 370 is still missing.

 

 

 

Like this Article? Share it!

About The Author

Tom Huskerson Bio Born in Richmond Virginia Tom Huskerson is a military veteran who settled in California after his discharge. Tom attended Santa Barbara City College where he began his writing career as a campus reporter. He worked as an intern news reporter for the Santa Barbara News-Press writing feature stories before moving on to San Francisco. At San Francisco State University Tom studied broadcast communications and began to focus on the Internet. He completed his graduate thesis on Internet advertising. Tom was the first student to ever focus on the Internet as a graduate student at San Francisco State University. After graduation he went to work for Zona Research in California’s Silicone Valley. As a research associate Tom supported senior analyst writing on the latest developments in the Internet industry. During the dot com boom Tom worked for several web businesses as a market researcher and analyst. As a writer and researcher Tom has authored various technical works including a training program for Charles Schwab security. Other projects included professional presentations on workplace violence and hiring security contractors. Tom has also written both fiction and non-fiction works and blogging for a travel website. He has published two books of short stories and completed two novels. Tom is the owner of Scribe of Life Literature and EbonyCandle.com. Tom is not the chief editor for the OnTechStreet. com. A news and information blog that focuses on tech news for African-Americans. The blog is the result of his desire to inform the African American community of the dangers and benefits of the cyber age. In his blog Tom reports on information security, new and analysis, scams and hoaxes, legal happenings and various topics that arise from the age of information. Tom believes that technology is a necessary tool for black people and they should know what is happening. Tom writes believing that techno speak is for the professional and that valuable information can be communicated using plain language. As a result he has embraced the motto, Less Tech, More Knowledge.

Related Post

We Could All Be More More Cyber Smart!
Feds Making Money Moves
The Hottest Air Conditioning Scam
World Password Day

Comments are closed.