

United Airlines Pays Man a Million Miles for Reporting Bug - jonah
http://www.wired.com/2015/07/united-airlines-pays-man-million-miles-reporting-bug/

======
drallison
The rules of the bug bounty program pretty much preclude anything agressive:

 _Attempting any of the following will result in permanent disqualification
from the bug bounty program and possible criminal and /or legal investigation.
We do not allow any actions that could negatively impact the experience on our
websites, apps or online portals for other United customers.

    
    
        .. Brute-force attacks
        .. Code injection on live systems
        .. Disruption or denial-of-service attacks
        .. The compromise or testing of MileagePlus accounts that are not your own
        .. Any testing on aircraft or aircraft systems such as inflight entertainment or inflight Wi-Fi
        .. Any threats, attempts at coercion or extortion of United employees, Star Alliance member airline employees, other partner airline employees, or customers
        .. Physical attacks against United employees, Star Alliance member airline employees, other partner airline employees, or customers
        .. Vulnerability scans or automated scans on United servers (including scans using tools such as Acunetix, Core Impact or Nessus)*
    

One can hope that the bad guys are similarly polite. And, as you would expect,
the United security folks did not see the irony of their restrictions when it
was pointed out to them.

