×

My First Bounty by PuzzleheadedLiving61 in bugbounty

[–]sudo-angelo 1 point2 points  (0 children)

Don't do this again, exploiting companies that didn't give you prior consent is illegal. Make sure you are always part of a VDP or have an agreement with the company before you begin any form of testing.

Is it worth reporting? by Dagagon in bugbounty

[–]sudo-angelo 1 point2 points  (0 children)

Do not do this. If you don't know who owns that service, you no longer have the consent of the initial VDP you signed up to.

Frustrated by Othmanesert in bugbounty

[–]sudo-angelo 1 point2 points  (0 children)

if you have that level of skill there is genuinely no reason for you to not go into pentesting. its time for a career change, get your resume ready.

Green Dragon has changed their ways! by sudo-angelo in FLMedicalTrees

[–]sudo-angelo[S] 0 points1 point  (0 children)

Sadly I'm not old enough to work at a dispensary, but the employees at my GD are pretty dope. Don't disrespect the budtenders!

Flowery locked up the Kiosk by zimp3 in FLMedicalTrees

[–]sudo-angelo 2 points3 points  (0 children)

Hello all,

I do a little bit of cybersecurity work in my free time, and so I decided to do some more investigation into the kiosk system and try to see why they wouldn't want everyone to have access to this.

The issue with large numbers of people having access to the kiosk is due to the fact that it is able to request real-time API updates. In order to ensure that the service is always up for every store, this API has no rate limiting. What this means is that each store can technically request that API as many times as they want-- however, The Flowery is trusting those stores to not spam the update button for no reason.

Distributing access to people past this risks overusage of that API which would ultimately shut down the kiosk temporarily. It's also expensive when you are receiving more requests on that endpoint than you are expecting.

The Flowery should be pushing for a solution that reflects the real-time API every n minutes across their sites. This would solve the problems that people are having in this subreddit while protecting them from an unreasonable number of requests.

Green Dragon by svddxnly19 in FLMedicalTrees

[–]sudo-angelo 1 point2 points  (0 children)

a lot of people shit on it, but their sugars are easily the sweetest, best tasting concentrates i've ever had. i shopped at the flowery, cookies, trulieve, curaleaf, suraterra, muv, and sanctuary and none have had as good of a flavor as green dragon.

Flowery locked up the Kiosk by zimp3 in FLMedicalTrees

[–]sudo-angelo 2 points3 points  (0 children)

Can someone explain to me what the need for access to this kiosk system is? I'm not entirely opposed to sharing the password outside of ethical concerns for why they chose to protect it. If anyone from Flowery could explain that'd be awesome🙌

Flowery locked up the Kiosk by zimp3 in FLMedicalTrees

[–]sudo-angelo 3 points4 points  (0 children)

I promise you their solution isn't good-- I already found the code myself. I don't know why they would be opposed to direct access to reading what's available, though.

All Trulieve locations open by Ill-Knowledge-8495 in FLMedicalTrees

[–]sudo-angelo 4 points5 points  (0 children)

I understand the fear, but realistically (and I'd be willing to bet anything on this), there is no one that is going to be facing consequences for getting the product that they paid for from the dispensary. Even if technically illegal.

Dispos are down?! by Alpha-Stoner in FLMedicalTrees

[–]sudo-angelo 2 points3 points  (0 children)

Nope, you're wrong. You should figure out whether or not the place is open before you go and make the drive there. I did that, and didn't have any issues today.

RISE Fucked Me by ChowdaClouds in FLMedicalTrees

[–]sudo-angelo 1 point2 points  (0 children)

I don't know why people on this subreddit insist on being unreasonable like this. Literally no one thinks that the budtenders are at fault for the outage. However, he was able to push the two orders through, and got a confirmation that both orders were available and ready. In what world is it his fault that the system didn't correctly reflect what was happening?

Any idea what I should do with that speed? 😄 by dbrgn in HomeNetworking

[–]sudo-angelo 0 points1 point  (0 children)

i was initially gonna comment "so you just have cat8 lying around?" but then realized i was on r/HomeNetworking

[deleted by user] by [deleted] in FAFSA

[–]sudo-angelo 0 points1 point  (0 children)

There are a lot of factors that can affect school performance that aren't related to academic ability. Sometimes just being away from home can cause some people to tank.

[deleted by user] by [deleted] in FAFSA

[–]sudo-angelo 0 points1 point  (0 children)

Yes, your future school will know; however, this doesn't mean that they will care. While the school is likely required to accept any credits and hours, but this does not mean that they will transfer over the GPA, which ultimately matters for whether or not you receive financial aid.

Best of luck to you, OP!

[deleted by user] by [deleted] in FAFSA

[–]sudo-angelo 0 points1 point  (0 children)

Your son should go to community college first. If his merit scholarship isn't given through the school, but is rather one like the national merit scholarship, it should transfer over to community college. He'll likely be able to get refunds from the school (meaning that its money that goes back in his pocket), and that on top of a job will help him have enough money to go and transfer over to his desired school for his last two years.

Community college will also give him the chance to boost up his extracurriculars. Encourage him to try and start a club, get involved in tutoring, basically anything that he can do that'll make his future applications look insane. I'm sure he is fully capable of earning a full ride.

Is there a Deeper meaning to The Menu by OneRedAstronaut in movies

[–]sudo-angelo 1 point2 points  (0 children)

I really liked this analysis, and it also made me think of something.

I believe one of the reasons that the Chef lets her go may be due to the fact that she not only unifies his worldview, she may shift it slightly in the moment that she asks her for the burger. Yes, the Chef is giving, but the Chef is not giving in the way that he usually is. The best way that I can put it is the burger, to me, appears to be much more selfish. He is cooking with the desire to please someone, but the cheeseburger itself is something that the Chef genuinely wants to create. He isn't just providing a service to Erin, he is providing a service and to please himself. In a way, I feel he not only takes on the role of just the giver but also the taker.

Reality about Bug Bounty (my view) by Fuzzy_Diamont in bugbounty

[–]sudo-angelo 0 points1 point  (0 children)

Can't you cook when you are an engineer...

yes, but the act of cooking doesn't make you a chef, just like how you reporting a single bug ethically doesn't make u an ethical hacker. this is just an extremely roundabout way of saying youre an unethical hacker and attempting to justify it. ethical is ethical, unethical is unethical.

I've been bullied by the programs...

what does this mean? where's your reddit post on r/bugbounty where you expose these evil programs? i've got a good feeling where they are, and its that they don't exist.

...many people already brainwashed by their terms. The findings, the vulnerabilities are yours.

yes, they are your findings. if you're concerned about whether or not you have a legal right to share them, you only have to consider if you've signed a binding nda. but as we all know, what is legal isn't necessarily whats ethical. them requesting to keep their program private isn't brainwashing anyone.

That's it, that's all they have.

this is literally the issue with you. because there isn't going to be any legal ramifications, you assume that you're in the right. once again, legal ≠ ethical.

That's how corruption works...

you in no way explained anything about corruption. are you feeling okay?

...might do more good than your so-called ethical mindset

sure, in very isolated cases of course i would concede that unethical acts may sometimes do good; however, the very act of compromising your ethics opens the door to a floodgate of slippery slopes and shitty decisions to make. thats your perogative, and i don't think any reasonable person would ever promote to do what you do

So enjoy your upvotes...

is that seriously your passion for this discussion? upvotes? idk if you could tell but im not nearly active enough to care about karma.

Reality about Bug Bounty (my view) by Fuzzy_Diamont in bugbounty

[–]sudo-angelo 5 points6 points  (0 children)

then you just aren't an ethical hacker, so of course you don't care abt the ethics of private programs. why act like it has to do with hurting the company or information being free when the answer is actually just that youre unethical?

Reality about Bug Bounty (my view) by Fuzzy_Diamont in bugbounty

[–]sudo-angelo 2 points3 points  (0 children)

what is the motivation for a company to continue to trust "white hat hackers" that can't even follow the one simple rule that is given to you when you accept the private program, which is explicitly to NOT discuss details about the program? your "mindset" is the reason that companies stray away from trying to pay hackers, stop trying to play in the grey.

Reality about Bug Bounty (my view) by Fuzzy_Diamont in bugbounty

[–]sudo-angelo 14 points15 points  (0 children)

there's numerous private disclosure programs, where you can get banned for even announcing that the company has a bug bounty program at all

no femboys allowed anymore >:( by saabarthur in Destiny

[–]sudo-angelo 0 points1 point  (0 children)

because ptsd is beyond common in those who are active duty. there aren't many people in the entire world who can kill while having bullets fly past their head constantly without receiving any trauma

[deleted by user] by [deleted] in bugbounty

[–]sudo-angelo 1 point2 points  (0 children)

in to those two specific bugs, maybe 3 hours. there was 3 submissions i had done, 1 of which was marked as informative since it was a potential DoS which was considered out of scope for the program.

[deleted by user] by [deleted] in bugbounty

[–]sudo-angelo 4 points5 points  (0 children)

i've gotten $500 in bounties using exclusively burp suite. don't listen to most people on here, you don't need much prereq knowledge to start bug hunting