‘security’ Tagged Posts

Facebook is blocking users from posting stories about its security breach

Some users are reporting that they’re unable to post today’s huge story about a security breach affecting 50 million Facebook users. The issue appears to only affect particular stories from certain outlets, currently one story from The Guardian and one from the Associated Press, both reputable press outlets.

When going to share the story to their news feed, some users, including members of the staff here at Exadrive who were able to replicate the bug, were met with the following error message, which prevented them from sharing the story.

According to the message, Facebook is flagging the stories as spam due to how widely they’re being shared, or, as the message puts it, the system’s observation that “a lot of people are posting the same content.”

To be clear, this isn’t one Facebook content moderator sitting behind a screen rejecting the link somewhere, or the company conspiring against users spreading damning news. The situation is another instance of Facebook’s automated content flagging tools marking legitimate content as illegitimate, in this case calling it spam. Still, it’s strange and unclear why such a bug wouldn’t affect many other stories that regularly go viral on the social platform.

This event is by no means a first for Facebook. The platform’s automated tools, which operate at unprecedented scale for a social network, are well known for at times censoring legitimate posts and flagging benign content while failing to detect harassment and hate speech. We’ve reached out to Facebook for details about how this sort of thing happens, but the company appears to have its hands full with the bigger news of the day.

While the incident is nothing particularly new, it’s an odd quirk, and in this instance quite a bad look given that the bad news affects Facebook itself.

UK phone giant EE hit by another security lapse

For the second time this week, U.K. phone giant EE has fixed a security lapse which allowed a security researcher to gain access to an internal site.

The researcher, who goes by the pseudonym Six, found the company’s internal training site listed on Google. (We’re not linking to the page as it remains an active site.) Although the site required an employee username and password to log in, the researcher found that an “admin” account existed, for which anyone with the answer to the secret question could reset the password.

It turns out that secret question could have been stronger.

“What’s your eye colour,” the researcher told Exadrive. “I tried loads of colours and they all gave an error,” he said. “The answer was simply ‘brown,’” he said.

From there, he gained access to the entire internal training site.

EE is the largest phone network in the U.K., with more than 30 million customers.

TechCrunch reported the security lapse to the company on Wednesday. A spokesperson for EE said a fix was implemented early Thursday, and thanked the researcher.

“This account has now been disabled and we’ve also changed the password and security question for the account,” said a spokesperson. “No customer data is, or has been, at risk as the user account on the training site only gave access to a dummy environment with fake accounts.”

But the researcher disputed part of EE’s response, accusing the company of downplaying the security incident.

The researcher shared several screenshots of the site with Exadrive. According to the site’s login page, the portal is the “home of training” for all EE staff. Employees are given access within the first week of their start date, and can access the site for the first time with a password which is their “surname all in lower case.”

Some screenshots showed dummy data, but others showed course content and employee knowledge base resources. He said that he had access to training on linked organizations, including Orange and Plusnet.

Although the researcher found no employee or customer data, he said the admin account allowed him to grant himself “any permissions” he wanted, and to change the access of any other group of users.

“I didn’t do any of that because of the law, but that doesn’t mean a malicious attacker couldn’t have done it,” he said.

Earlier this week, EE fixed a vulnerability that allowed customers to gift their own or linked accounts unlimited data for free. The company fixed the bug within two days.

Apple offers big cash rewards for help finding security bugs

LAS VEGAS (Reuters) – Apple Inc said it plans to offer rewards of up to $200,000 (£152,433) to security researchers who find critical flaws in its products, joining dozens of companies that already offer payments for help uncovering bugs in their products.

The maker of iPhones and iPads provided Reuters with details of the plan, which includes some of the largest bounties offered to date, ahead of revealing it Thursday afternoon at the Black Hat cyber security conference in Las Vegas.

The program will initially be limited to about two dozen researchers whom Apple will invite to help identify hard-to-find security bugs in five specific categories.

The researchers are selected from a group of experts who previously helped Apple identify bugs, though the company did not compensate them for that work, Apple said.

The most lucrative category, which offers rewards of up to $200,000, is for bugs in Apple’s “secure boot” firmware, which prevents unauthorized programs from launching when an iOS device is powered on.

Apple said the decision to keep the program limited in size was made on the advice of other companies that had launched bounty programs earlier.

Those companies said that if they had to do it again, they would start by inviting a small list of researchers to join, then gradually open the program up over time, according to Apple.

Security analyst Rich Mogull said that limiting participation would save Apple from handling an avalanche of “low-value” bug reports.

“A fully open program can certainly manage a large part of the funds,” he said.

Apple declined to say which companies offered the advice.

Such bounties are currently offered by dozens of companies, including AT&T Inc., Facebook Inc., Google, Microsoft Corp., Tesla Motors Inc. and Yahoo Inc.

Microsoft, which has distributed $1.5 million in bounties to security researchers since launching its program three years ago, also offers rewards only for identifying highly specific types of bugs. Its two biggest payouts were $100,000 each.

Not all bounty programs are as targeted as those of Apple and Microsoft.

Facebook, for example, has an open program that offers rewards for a wide range of vulnerabilities. It has paid out more than $4 million over the past five years, with last year’s average payment at $1,780.

In March, Facebook paid $10,000 to a 10-year-old boy in Finland who found a way to remove comments from Instagram user accounts.

(Reporting by Jim Finkle; Editing by Andrew Hay)

Homeland Security chief says social media used in immigration vetting

WASHINGTON (Reuters) – U.S. Homeland Security Secretary Jeh Johnson said yesterday that his department has been consulting social media in reviews of immigration applications since the beginning of this year, hitting back at criticism that U.S. authorities are not doing enough to weed out potential security threats.

The Department of Homeland Security has been criticized over reports that it does not routinely consult social media during the screening procedure for visa applications.

Questions arose when it emerged that one of the shooters in the December 2 killing of 14 people in San Bernardino, California, Tashfeen Malik, had entered the United States on a K-1 fiancee visa. The Los Angeles Times reported that she had pledged her support to the Islamic Jihad in a private Facebook post.

Johnson said his department began consulting social media early this year for the granting of certain immigration benefits, but did not specify which.

“We have policies in place regarding social media consultation which in my judgment, especially in the current environment, were too restrictive,” Johnson told reporters at the unveiling of a revamped terrorism alert system.

“Under my leadership as Secretary, we actually began consulting social media in connection with the granting of various immigration benefits, and we will do more of this,” he added. “Any reports or partial reports to the contrary are simply untrue.”

He noted that DHS consults intelligence and law enforcement databases when screening applicants for immigration benefits, but said social media is also helpful.

The monitoring of social media as a way to identify potentially violent extremists was debated on Tuesday by the Republican presidential candidates, with several candidates arguing for greater scrutiny of social media in terrorism investigations.

Although there is no explicit prohibition on visa investigators trawling applicants’ social media accounts, some agencies have been cautious about making it part of the visa application procedure, an Obama administration official said.

Johnson denied reports that there was a policy in place in 2014 that prevented agents from screening Malik before she entered the country.

“It would not be right,” Johnson said. He declined to comment on the investigation, but noted public reports that Malik had posted under an alias.

On Tuesday, two dozen Senate Democrats sent a letter to Johnson calling on DHS to require social media background checks as part of the visa screening process.

(Additional reporting by Mark Hosenball; Editing by Susan Heavey and Bill Rigby)

‘Irrational’ hackers are a growing U.S. security fear

Cyber security researcher HD Moore discovered he could use the Internet to access the controls of some 30 pipeline sensors across the country that were not secured with a password.

A hacking expert who helps companies discover network vulnerabilities, Moore said he found the sensors last month while analyzing data in massive databases of public internet-connected devices.

“We know that the systems are exposed and vulnerable. We don’t know what the effect would be if someone actually tried to use them,” said Moore, chief research officer at security company Rapid7.

American national security experts used to find comfort in the belief that ‘rational’ superpowers such as China or Russia were their main opponents in cyberspace. Such countries may have the ability to destroy American critical infrastructure with the click of a mouse, but they are unlikely to do so, in part because they are afraid of Washington.

Now, anxiety is growing that “irrational” cyber actors, such as extremist groups, rogue states or hacker activists, will hunt for gaps in the security of American systems like the one discovered by Moore. These opponents are perhaps not as resourceful, but as with Timothy McVeigh’s bombing of a federal building in Oklahoma in 1995, it is the element of surprise that is so worrying.

Former U.S. Secretary of Homeland Security Michael Chertoff said he was afraid the first destructive cyber attack on American soil would resemble the Boston Marathon bombings in the sense that the suspects were not on the government’s radar.

“You’re going to get relatively small-scale attacks from all sorts of people, hacktivists, criminals, whatever,” Chertoff said during the Reuters Cybersecurity Summit last week. “Are they going to take down critical infrastructure? They could.”

Emerging actors that cyber security experts say they are most concerned about include Iran, believed to be behind the continuing attacks on the websites of U.S. banks, as well as a devastating attack last year on about 30,000 personal computers at Saudi Arabia’s national oil company.

North Korea is rapidly gaining cyber skills, experts say, after hackers hit three South Korean broadcasters and two large banks in March.

Another new player is the Syrian Electronic Army, an activist group that claimed responsibility for hacking the Twitter accounts of major Western media outlets, such as the Associated Press last month, when its hackers sent a tweet about fake explosions at the White House that briefly sent U.S. stocks plunging.

Unrelenting attacks

The American power grid is the target of attempted cyber attacks daily, according to a report by California Representative Henry Waxman and Massachusetts Representative Ed Markey released at a House Energy and Commerce Committee hearing on cyber security on Tuesday.

More than a dozen utilities reported daily, constant or frequent attempted attacks, ranging from hostile probes to malware infection, according to the report. (To read the report, see http://r.reuters.com/sej38t)

Gerry Cauley, CEO of the North American Electric Reliability Corp., told the Reuters Cybersecurity Summit that computer viruses have been found in the grid, which could be used to deliver malicious software to damage plants. NERC is a nonprofit agency that oversees and ensures the reliability of the bulk power system in the region.

Experts say that with so many unknown hackers trying to infiltrate the industrial control systems of the United States, they fear someone somewhere, maybe even an amateur, will intentionally or unintentionally cause damage to power plants, chemical factories, dams and other critical infrastructure.

“Even if you do not know how things really work, you can still wreak havoc by crashing a device,” says Ruben Santamarta, a senior security consultant at IOActive. “Probably in the near future we could face an incident of this kind, where the attackers will not even know what they are doing.”

Santamarta identified hundreds of internet-facing control systems, on the grid, at water treatment plants and in heating and ventilation systems for buildings, including hospitals. He also discovered bugs built into industrial control equipment.

The Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team, known as ICS-CERT, warned last week of a bug that Santamarta found in equipment from Germany’s Turck that is used by manufacturers and agricultural companies in the United States, Europe and Asia.

The agency said attackers with “low” hacking skills could exploit the flaw, causing remote industrial processes to shut down. It advised customers to install a patch that would protect against such attacks.

Director of National Intelligence James Clapper told a Senate committee in March that “less experienced but highly motivated players” could access a number of poorly protected control systems. They could cause “substantial damage,” he warned, due to unexpected system configurations, errors and the cascading consequences that can occur between nodes in networks.

‘A matter of time’

ICS-CERT posts dozens of warnings and advisories on vulnerabilities in industrial control systems on its website each year. Companies whose products have been named in its warnings include General Electric Co., Honeywell International Inc., Rockwell Automation Inc., Schneider Electric SA and Siemens AG.

Dale Peterson, CEO of industrial control systems security company Digital Bond, said infrastructure control systems are highly vulnerable to cyber attacks because their designers did not take security into account when they built the technology.

While hackers have yet to launch a damaging attack on American infrastructure, they have enough skill to do so. “I would say it’s just because no one has wanted to do it,” said Peterson, who began his career as a code breaker at the National Security Agency.

House Intelligence Committee chairman Mike Rogers said terrorists are among the groups that could acquire the ability to launch a cyber attack on American infrastructure, but he believes they are not yet at that point.

“You get the right person with the right capability deployed for this and it is a game changer,” Rogers told the summit. “My concern is that this is only a matter of time.”

Eric Cornelius, a former ICS-CERT official, said that companies in vital sectors such as energy, water, oil and gas sometimes do not implement security patches recommended by equipment and software makers in a timely manner, because operators need to take plants off-line to do so and cannot afford the downtime.

Some plants lack adequate security staff and technology to protect their networks because they do not have sufficient resources, said Cornelius, director of critical infrastructure at Cylance Inc.

A relatively inexperienced hacker whose goal was only to probe a network could damage a system unintentionally, because aging networks are extremely fragile and sensitive, he said.

“This leaves the control systems insecure,” he said.