Teen from Norway is Certifiable “Bug” Hunter
15-year-old Norway teen Cim Stordal might seem pretty ordinary for a boy of his age. He plays Team Fortress online, target practices with an Airsoft pellet gun, works part-time at fish shop in the city of Bergen, and, of course, goes to school. However, most boys his age aren’t in the Google (NASDAQ:GOOG) Security Hall of Fame.
You see, despite all of his interests and activities, Stordal’s main passion is finding “bugs,” mistakes in source code that can sometimes be exploited by viruses or malicious users to hack popular sites and programs. “I just look around at the site and find out where I can input HTML and stuff…Often they filter some characters but forget some or they totally forget that input,” Stordal told CNET. “What an attacker wants is often the cookie, which can be used to log-in as the user.”
So far, Stordal is credited with revealing a vulnerability to Microsoft (NASDAQ:MSFT) and disclosing a cross-site scripting flaw to Apple (NASDAQ:AAPL). Besides the Google honor, Facebook gave him a White Hat Visa, an elite membership card, with $500 in credit after he revealed a flaw in their code. Though the companies are likely disappointed to have flaws revealed, they have been quick to express gratitude to Stordal because, besides discovering their issues, he discloses them to the companies before going public.
According to Stordal, Apple was by far the easiest to find a flaw in; while it took him days to find flaws in Facebook and Google, he claims that he found two XSS (cross site scripting) flaws in “only five minutes.” Apple has not commented on his claims, but Facebook has made sure to point out that the bug Stordal found was essentially non-exploitable.
Of course, without downplaying Stordal’s accomplishments and his integrity, it does beg the question, if a young teen from Norway can find these flaws while living the life of a fifteen-year-old boy, how easy would it be for one or many adults who may be attempting to do so full-time?