Picture:
Picture:
Getty Images/iStockphoto

Google has helped one student get rich quick - but not in the way you might think.

Unfortunately the $10,000 USD fortune wasn't earned as easily as searching 'how to make money fast'.

Uruguayan high school student Ezaquiel Pereira spotted a loophole in Google's back-end servers that could grant attackers access to its private data.

In a post explaining how he did it, he wrote:

On July 11th, I was bored, so I tried to find some bug at Google.

As you do.

Pereira played around with the website - or, in other words, did a lot of confusing stuff that most of us won't understand.

Soon enough he stumbled across the words 'Google Confidential'.

At this point I stopped poking at the website and reported the issue right away.

Just a few hours later, Google emailed him praising the "nice catch".

Pereira stayed modest, thinking to himself:

Cool, this is probably a small thing that isn't worth a dime.

But a few weeks later, Google contacted him again with the true value of his find.

In what must have read at first like a spam email, they said:

As part of Google's Vulnerability Reward Program, this panel has decided to issue a reward of $10,000.

Pereira was gobsmacked:

I got $10,000 US dollars just for changing the Host header!!!

The bug has been fixed now, and, according to Google, the large reward was because they found a few variants that would have allowed an attacker to access sensitive data. 

Good luck to Pereira in his dream of becoming a security researcher - though his track record suggests he probably won't need it.

Keep reading...Show less
Please log in or register to upvote this article
The Conversation (0)