Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

Alert

NEWS - April 04, 2014

Apr 4, 2014 4:13AM PDT
Facebook bug bounty program paid out $1.5m in 2013

According to newly published figures, Facebook has paid out a whopping $2m since it introduced its bug bounty program in 2011, with $1.5m (about £900,000) of that being spread between 330 researchers in 2013 alone.

During that year the company received 14,763 submissions from researchers, a year on year increase of 246%.

Facebook says that all submissions are considered to be valid until proven otherwise:

Most submissions end up not being valid issues, but we assume they are until we've fully evaluated the report. That attitude makes it possible for us to triage high-priority issues quickly and get the right resources allocated immediately.

Continued : http://nakedsecurity.sophos.com/2014/04/04/facebook-bug-bounty-program-paid-out-1-5m-in-2013/

Related:
Facebook doled out $1.5M in bug bounty rewards in 2013
Facebook Bug Bounty Submissions Dramatically Increase
Record year for Facebook bug hunters

Discussion is locked

- Collapse -
SMS Trojan goes after digital wallets
Apr 4, 2014 5:02AM PDT

Not satisfied with the money earned via mobile Trojans sending out text messages to premium numbers, cyber crooks have begun adding other money-stealing functionalities to the malware.

Kaspersky Lab experts have recently spotted and analyzed an SMS Trojan for Android devices that is currently mostly targeting Russian users, and which along with the premium SMS-sending also attempts to steal money by emptying the victims' QIWI digital wallet.

QIWI is a electronic payment service popular in Russia and many other countries of the former Soviet Union, and can be used for payments and money transfers, to pay fines, telephone services and ISPs. The service also operates in the US, Brazil, Romania and several other countries. In November 2012 QIWI and Visa entered into a global partnership, and the QIWI Wallet was transformed into a co-branded Visa QIWI Wallet product.

Continued : http://www.net-security.org/malware_news.php?id=2752

Related: Android Trojan Waller Sends Premium SMSs, Steals Money from QIWI Wallets

- Collapse -
A 5-Year-Old Boy Found A Big Hole In Xbox Security System
Apr 4, 2014 5:02AM PDT

It's usually extremely difficult to guess someone's password. But thanks to a 5-year-old boy's discovery, you may not have to when logging in to Xbox Live.

Kristoffer Von Hassel found a way to work around the Xbox's password verification screen, according to KGTV, an ABC News 10 affiliate.

Kristoffer typed the wrong password when attempting to login to his father's Xbox Live account so that he could play his games, the report said. When he was brought to the password verification screen after entering the wrong code, he pressed the space bar a few times and hit enter.

And it magically worked.

Continued : http://finance.yahoo.com/news/5-old-boy-found-big-145912855.html

Hat tip to Bob!

- Collapse -
Microsoft's security products will block adware by default
Apr 4, 2014 5:42AM PDT
.. starting on July 1

Microsoft announced a change to how it handles adware, a form of malware that pushes unwanted advertisements to the user. As of July 1, the company's security products will immediately stop any adware they detect and notify the user, who can then restore the program if they wish.

Currently, when any of Microsoft's security products (including Microsoft Security Essentials and Microsoft Forefront) detects a program as adware, it will alert the user and offer them a recommended action. If the user doesn't do anything, the security product will let the program continue to run until the user makes a decision.

The reason Microsoft has chosen a "July 1, 2014" deadline is because it wants to give developers three months to comply with its new rules. Here's how the company defines adware:

Continued : http://thenextweb.com/microsoft/2014/04/03/microsofts-security-products-will-block-adware-default-starting-july-1/

Related: Microsoft to start blocking annoying adware by default
- Collapse -
Her website was hacked away; here's how she got it back
Apr 4, 2014 5:42AM PDT

Jordan Reid, a blogger and what one news outlet called "A star of the post-expertise how-to landscape", learned on Saturday that her "Ramshackle Glam" site was gone - poof!

Suddenly, the site that had been hers for five years was whisked away.

After getting a heads-up from a friend that something was fishy, she found her domain up on the auction block at Flippa.com, "The #1 place to buy and sell websites, domains and apps".

For several days last week, Reid writes on that same, snatched-back site, some guy going by the name of "bahbouh" was promising that the winning bidder - or buyer, given that you could "Buy It Now" for $30,000 (£18,080) - would get her traffic, her files, and her data.

Continued : http://nakedsecurity.sophos.com/2014/04/03/her-website-was-hacked-away-heres-how-she-got-it-back/

Related: GoDaddy Once Again Accused of Failing to Help Owner of Hijacked Website