by rprime 3320 days ago
I discovered the same error/bug a few weeks ago when a co-worker linked "this weird page" to me. I just looked around and thought it's pretty cool to see that part of Google, didn't think too much of it, closed the tab and went back to my Terminal. :)

I am a bit jealous :).

I also did a subdomain search on google a few weeks ago. I stumbled upon a lot of login sites.

A subdomain search led to 95 subdomains under corp.google.com.

There is some strange JavaScript in those pages; there is a function called riskMi.

I don't want to get sucked into it, I'm also closing the tab and going back to my terminal :).

Indeed, or sometimes I want to try certain attack vectors and the next second I am thinking I am fooling myself, they're smarter than me, they wouldn't leave such bugs in. Cue a few weeks later: someone gets a few $k because they let themselves get sucked into it :D.

I guess it's as much mindset as it's skill.

I got a bug bounty once because I reported a bug in Chrome that someone else was complaining about in the comments section of a tech blog.

If instead of just complaining that commenter had taken the time to fill out a bug report they could have easily gotten the bounty instead.

Sometimes it just takes a tiny bit of extra effort to go from noticing something's amiss to actually doing something to get it fixed.

Good idea. Imagine if you can do one bug report a month. 5K is a nice income.
What was the security issue?
CVE-2015-1274

Basically, Chrome allowed users to use the "Always open files of this type" option with executable files. So if anyone was ever foolish enough to set that option after downloading a `.exe` on Windows, any future site they visited could take over their machine just by initiating a download for a malicious executable.

How did you subdomain search? Was it a brute force / dict search?
Shameless self-plug: You can use Fierce! A DNS reconnaissance tool - https://github.com/mschwager/fierce
A DNS recon tool should be able to do it. If you look around for an online DNS tool, a couple dozen Google subdomains will be revealed. With Certificate Transparency this kind of information is not as secret as it used to be. Last year there was a vulnerability, I forget which one, it was quite big and had something to do with legacy software, and it led me to look at what domains are using my company's cert. Qualys made a tool out of this.
DNS search. You can use a tool like fierce or subbrute if you're lazy.
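The two enumeration approaches the replies above mention (a dictionary brute force against DNS, and mining Certificate Transparency names) as an added example; this is not code from the thread, nor from fierce or subbrute. It assumes an injectable resolver callback so it runs offline against a constructed zone for corp.example.com (not a real domain), and it includes the check a practitioner wants: wildcard detection, because a zone with a `*` record makes every word in the list "resolve".

```python
"""Added example: dictionary subdomain brute force with wildcard detection, plus a
helper that turns names pulled from CT log entries into subdomains under a target.
All hostnames and addresses below are constructed test data, not real hosts."""
import random
import socket
import string
from typing import Callable, Dict, Iterable, Set

# A resolver maps a hostname to its set of A-record addresses (empty set = no answer).
Resolver = Callable[[str], Set[str]]


def system_resolve(host: str) -> Set[str]:
    """Real resolver via the OS stub resolver; not used by the offline demo below."""
    try:
        return set(socket.gethostbyname_ex(host)[2])
    except socket.gaierror:
        return set()


def detect_wildcard(domain: str, resolve: Resolver, probes: int = 3) -> Set[str]:
    """Resolve a few random labels that should not exist. If they answer, the zone
    has a wildcard record; return its addresses so candidates that only match the
    wildcard can be discarded."""
    rng = random.Random(0)  # fixed seed keeps the demo deterministic
    alphabet = string.ascii_lowercase + string.digits
    answers: Set[str] = set()
    for _ in range(probes):
        label = "".join(rng.choice(alphabet) for _ in range(20))
        answers |= resolve(f"{label}.{domain}")
    return answers


def brute_force_subdomains(domain: str, wordlist: Iterable[str], resolve: Resolver) -> Dict[str, Set[str]]:
    """Try each wordlist entry as a label under `domain`; return host -> addresses."""
    wildcard = detect_wildcard(domain, resolve)
    found: Dict[str, Set[str]] = {}
    for word in wordlist:
        word = word.strip().lower()
        if not word:
            continue
        host = f"{word}.{domain}"
        addrs = resolve(host)
        if not addrs:
            continue
        # Caveat: a real host parked on the wildcard address is dropped here too.
        if wildcard and addrs <= wildcard:
            continue
        found[host] = addrs
    return found


def subdomains_from_ct_names(names: Iterable[str], domain: str) -> Set[str]:
    """Normalise subject/SAN names as a CT search returns them (several names per
    certificate, mixed case, trailing dots, '*.' wildcards) and keep those under
    `domain`. A look-alike such as corp.example.com.evil.test fails the suffix check."""
    domain = domain.lower()
    suffix = "." + domain
    out: Set[str] = set()
    for entry in names:
        for name in entry.split("\n"):
            name = name.strip().lower().rstrip(".")
            if name.startswith("*."):
                name = name[2:]
            if name == domain or name.endswith(suffix):
                out.add(name)
    return out


# ---- constructed test data ----
DOMAIN = "corp.example.com"
WILDCARD_ADDR = {"203.0.113.9"}
FAKE_ZONE = {
    "www.corp.example.com": {"203.0.113.10"},
    "login.corp.example.com": {"203.0.113.11"},
    "vpn.corp.example.com": {"203.0.113.9"},  # real host sharing the wildcard address
}


def fake_resolve(host: str) -> Set[str]:
    """Offline stand-in for DNS: explicit records, else a wildcard for *.corp.example.com."""
    if host in FAKE_ZONE:
        return FAKE_ZONE[host]
    if host.endswith("." + DOMAIN):
        return set(WILDCARD_ADDR)
    return set()


def demo_brute_force() -> Dict[str, Set[str]]:
    return brute_force_subdomains(DOMAIN, ["www", "login", "vpn", "mail", ""], fake_resolve)


def demo_ct() -> Set[str]:
    ct_names = [
        "*.corp.example.com\ncorp.example.com",  # one certificate, two names
        "sso.corp.example.com",
        "Login.Corp.Example.com.",
        "corp.example.com.evil.test",
        "www.example.com",
    ]
    return subdomains_from_ct_names(ct_names, DOMAIN)


if __name__ == "__main__":
    print(demo_brute_force())
    print(sorted(demo_ct()))
```

Against the constructed zone, `mail` (wildcard only) and `vpn` (a real record on the wildcard address) are both dropped, which is the trade-off wildcard filtering makes; with `system_resolve` passed in place of `fake_resolve` the same code runs against live DNS. The CT helper is where the "not as secret as it used to be" remark bites: names that never appear in any wordlist still show up in issued certificates.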
riskMi is probably from CA Technologies RiskMinder™.
A few weeks ago? It says a temporary fix was done by February 10.