bugs

United Airlines is offering 1 million miles in bug bounties

Bug bounty programs are a great way for white-hat security researchers (hackers) to earn extra cash. The best programs incentivize finding security flaws with cold, hard cash. On the other end of the spectrum, some companies only offer swag in return for finding flaws. A new set of bounties from United Airlines falls squarely in the middle. The company is offering airline miles in return for hunting security flaws. These miles aren't a measly upgrade from economy; you could earn some real travel time for uncovering a serious system flaw.

Lenovo chided again for vulnerable System Update service

It has barely been three months since Lenovo was embroiled in controversy over its "Superfish" adware installations, yet it seems the world's largest PC maker has taken another PR hit. This time, however, it isn't about Lenovo installing malware on its products but about not being a good guardian of its critical software. A couple of vulnerabilities found in Lenovo's System Update service practically leave any Lenovo PC user open to hackers and infection, using nothing more complicated than a man-in-the-middle (MITM) attack, one of the most basic weapons criminals have in their arsenal.

FAA: Boeing 787s need to be rebooted every 248 days uptime

Computer systems, especially servers, usually boast of years of uptime, the number of consecutive days the system is left running without a reboot or shutdown. That's not exactly surprising given how critical it is for these systems to keep on running and running. Boeing's 787 airplane, nicknamed the Dreamliner, however, can't boast of that same achievement anymore. The US Federal Aviation Administration is ordering airlines to shut down a 787's power systems at least once every 248 days to prevent a complete loss of power and control that can happen when the plane is left powered on for long stretches of time.

Wink offers posts fix options for hubs bricked by update

Wink users who have suddenly found themselves without some smartness in their homes this weekend are probably painfully aware of the blunder that the company made in a recent firmware update. All hope is not yet lost, however. Wink has just posted some instructions on how to get those Smart Hubs up and running and connected to the Internet again. And in case you're not that confident with your technical know-how, they are offering free round-trip shipping to get yours fixed in a few days.

“FREAK” security hole affects even Windows after all

Microsoft almost had it good. Long lambasted for being so easily hacked, the company's operating systems, at least the well-patched and up-to-date ones, were almost believed to be immune to the latest security vulnerability causing worry over the Internet. As it turns out, however, that just isn't the case. Microsoft published a security advisory informing users that the version of Internet Explorer running on many versions of the Windows OS is susceptible to this FREAK attack, with no word on when a patch will be rolled out.

Spot.me Apple Pay to Android app can pose a security risk

For all their advertised benefits, these rising mobile payment systems are pretty much walled gardens of their own. But what if you wanted to use that fancy new wireless system to pay, not just a merchant, but a friend? There's a new app on Android that proposes to do just that and it even lets Apple Pay users join the game. But while Spot.me sounds like a really neat and social thing, it might actually be more trouble than it's worth from a security point of view.

90s US “weaker encryption” policy comes back to haunt it

The US government has been fighting against recent efforts in the tech industry to strengthen security measures, especially against government snooping. In essence, it wants a backdoor into services and devices in order to get access to crucial information it needs to fight crime and terrorism. Apparently, this has been done before, and it looks like the government needs to take heed of that. A security policy enacted decades ago has found its way back to the US and is compromising the security of secure websites, including some of the government's own.

Linux C library exploit affects all systems dating back 2000

Sometimes, the price of popularity is more scrutiny. As the Linux operating system, and open source in general, gets more and more coverage in mainstream media and news, a lot of security holes, and big ones at that, are being exposed, or at the very least sensationalized. After the "Shellshock" bug last September, which was reported to be even worse than the "Heartbleed" vulnerability in the open source OpenSSL, comes a "GHOST" security exploit that affects almost all Linux systems dating all the way back to 2000.

Google’s Project Zero targets OS X with three new exploits

Google’s Project Zero has released more 0day vulnerabilities, and this time it is aiming at Apple. Over the past few days, Project Zero has slowly released some exploits found in OS X Yosemite. The vulnerability exposure team at Google first provides its findings to the company in charge of the software. After that, the company has 90 days to fix the issue before Google’s Project Zero team publishes it to the world. While Microsoft was responsive to Google’s release, Apple is much more tight-lipped.

Impossibly difficult Super Mario cheat glitch pulled off

The classics are making a comeback, and in more ways than one. Super Mario, one of the most beloved gaming franchises in the world, is back in the press, not because of a hot new game or a retro old game, but because of how people are stretching the game beyond what the developers intended. Like giving it a brain to play itself. Now a high-profile YouTuber is earning views because of how he managed to hit a very intricate glitch that let him finish Super Mario World in just 6 minutes, without facing the final boss.
