You searched for Target | Page 291 of 320 | The Security Ledger with Paul F. Roberts

Search Results for "Target"

Podcast: Black Hat Preview With Trustwave’s Nick Percoco

July 26, 2013 Paul Roberts

Next week, the world’s attention will shift to Las Vegas for the annual Black Hat and DEFCON hacking conferences. What will be the big trends this year? We sat down last week with Nicholas Percoco of Trustwave’s Spider Labs to get his thoughts on the show. Nick is a regular at Black Hat and other events – both in the audience and on the stage. He said one of the big themes this year will be hacks on consumer electronics and home automation systems. As we reported, two Trustwave researchers have delved into the security of a wide range of “smart home” technologies, including home automation gateways and even a bluetooth enabled “smart toilet.” Percoco said that manufacturers of these devices need to pay more attention to security, and can’t assume that the people buying their devices are technically sophisticated enough to understand how to safely deploy or manage Internet […]

Six Hours, $4500: The Short Life and Quick Death Of A Facebook Bug

July 22, 2013 Paul Roberts

A security researcher based in Indonesia disclosed yet another Facebook bug this weekend – one that would allow an attacker to obtain the primary e-mail address associated with any Facebook account. Hours after informing the social network about the bug, however, it was closed and the researcher, Roy Castillo, was $4,500 richer. Castillo, a white hat vulnerability researcher based in The Philippines, disclosed the bug in Facebook’s Developer Application Roles Page in a post on his blog on Saturday. When exploited, it allowed an attacker to discover the primary Facebook email address of any account – even those with the email privacy setting on “Only Me,” Castillo wrote. Attackers would need a Facebook Developer account and some basic programming knowledge to take advantage of the vulnerability, in which Facebook mistakenly disclosed the e-mail address associated with a unique Facebook user ID. After discovering the buy on June 25th, Castillo […]

Microsoft Bug Bounties Flowing To Googlers

July 19, 2013 Paul Roberts

Two Google employees earned the distinction of receiving some of the first monetary rewards (a.k.a. “bounties”) issued under the company’s newly minted bounty program. Fermín Serna, a researcher in Google’s Mountain View, California headquarters, told The Security Ledger that he received a bounty issued by Microsoft this week for information on an Internet Explorer information leak that could allow a malicious hacker to bypass Microsoft’s Address Space Layout Randomization (or ASLR) technology. His bounty followed the first ever (officially) paid to a researcher by Microsoft: a bounty that went to Serna’s colleague, Ivan Fratic, a Google engineer based in Zurich, Switzerland, for information about a vulnerability in Internet Explorer 11 Preview. Fratic (@ifsecure) acknowledged the honor in a July 11 post on his Twitter account. In an e-mail exchange with The Security Ledger, Serna declined to discuss the details of his discovery until Microsoft had a patch ready to release. But […]

Security Lapse Has Tumblr Asking IPhone, IPad Users To Update -Now!

July 17, 2013 Paul Roberts

Tumblr, the blogging and content sharing web site issued an urgent warning to those using its mobile application for Apple iPhones and iPads to update their Tumblr application – ASAP – after it was apparently found to be transmitting user names and passwords in the clear. In a blog post on Tuesday, Derek Gottfrid, the Vice President of Product at the New York City-based firm, said that the company had issued an update to the iOS version of Tumblr’s mobile application to fix an issue that allowed Tumblr passwords to be sniffed in transit on certain versions of the iOS Tumblr application for iPhone and iPad. Gottfrid did not explain the reason for the sudden update. However, a report by the UK publication The Register claims that the rush update came after Tumblr was made aware that the iOS versions of its application was not using SSL (Secure Socket Layer) […]

Security Start-Up, University Team On Android Patch App

July 16, 2013 Paul Roberts

The saga of the application-signing flaw affecting Google’s Android mobile phones took another turn Tuesday when a Silicon Valley startup teamed with graduate students from Northeastern University in Boston to offer their own fix-it tool for hundreds of millions of Android phones that have been left without access to Google’s official patch. Duo Security announced the availability of an Android utility dubbed “ReKey” on Tuesday. The tool allows Droid users to patch the so-called “Master Key” vulnerability on Android devices, even in the absence of a security update from Android handset makers (OEMs) and carriers who distribute the phones, according to a post on the Duo Security blog. The tool can be downloaded from the site rekey.io. “ReKey is the latest of our research projects designed to make the Internet a safer place,” said Collin Mulliner, a postdoctoral researcher at NEU SecLab in a joint press release issued by NEU […]