Facebook

Facebook Awards $100k for Fix to Common C++ Flaw

In-brief: Facebook said on Wednesday that it was doubling the amount of its Internet Defense Prize, awarding $100,000 to a group of researchers from Georgia Tech for work on static type casting vulnerabilities. 

Update: Superfish is the Real End of SSL

In-brief: Outrage over Lenovo’s promotion of privacy-busting adware continued to grow amid lawsuits and more spying revelations. The big question: is this the final – final straw for the beleaguered Secure Sockets Layer (SSL) technology? (Updated to add comment from Kevin Bocek of Venafi.)

After White House Summit a Consensus – on Pessimism

In-brief: Even with a high-profile summit in the heart of Silicon Valley, partisan gridlock back in Washington D.C. will make progress on cyber security impossible, experts say. 

Study Reveals (Sad) Psychology of Facebook Scam Victims

Bad is good enough, according to a study of over 850,000 Facebook scams by the antivirus software provider Bitdefender. (PDF version of the report is here.) The two-year study of Facebook scams in the UK, the US and Europe found that a short list of lame, repackaged tricks is a well that never runs dry: fooling Facebook users by playing on their curiosity, vanity or naiveté. Almost half of social media e-threats prey on users’ curiosity. Far and away the top category of scam on Facebook is the ‘profile view’ scam, which offers Facebook users the ability to see who has viewed their profile. That ruse accounted for 45% of all scams on the 1 billion-strong social network. The scam has been linked to malicious software downloads – often in the form of browser ‘plug-ins’ that promise to reveal Facebook profile views. It works well because it plays on Facebook users’ curiosity […]

Update: Facebook awards $50K Internet Defense Prize for Work on Securing Web Apps

Saying that research dollars for cyber security are disproportionately devoted to work on “offensive” techniques (like hacking), social media giant Facebook has awarded two researchers a $50,000 prize for their work on cyber defense. The company announced on Wednesday that it was recognizing Johannes Dahse and Thorsten Holz, both of Ruhr-Universität Bochum in Germany, for their work on a method for making software less prone to being hacked. The two developed a method for detecting so-called “second-order” vulnerabilities in Web applications using automated static code analysis. Their paper (PDF here) was presented at the 23rd USENIX Security Symposium in San Diego. In a blog post announcing the prize, John Flynn, a security engineering manager at Facebook, said the Internet Defense Prize recognizes “superior quality research that combines a working prototype with significant contributions to the security of the Internet—particularly in the areas of protection and defense.” Dahse and Holz’s work was chosen by a panel […]