| ▲ | JJJollyjim 3 hours ago | |
This is the place they direct researchers to report bugs. If they don’t want to pay out for MITM, that’s fine, but they should still be taking out-of-scope reports seriously | ||
| ▲ | bravetraveler 3 hours ago | parent [-] | |
+1 Bounty aside, this deserves attention. I wouldn't want to award bounties for MitM either if I made it so easy. They closed the issue as 'out of scope'... with no mention of follow-up (or even the bounty we don't care about). I'm skeptical to say the least. Industry standard has been to ignore MitM or certificates/signatures, not everything. | ||