Articles about disclosure

Google reveals Edge bug that Microsoft has had trouble fixing

Google has again decided to disclose a flaw in Microsoft software before the latter company could deliver a fix. Indeed, Microsoft has struggled to fix this problem. Detailed here on Google's Project Zero bug-tracker, the flaw impacts the just-in-time compiler that Microsoft's Edge browser uses to execute JavaScript and makes …
Simon Sharwood, 20 Feb 2018

Bug-finders' scheme: Tick-tock, this tech's tested by flaws.. but who the heck do you tell?

Security researcher E. Foudil is pushing a scheme to make it easier for bug finders to notify companies about problems with their technology. The idea revolves around “security.txt” - a simple text file, much like robots.txt, that contains information on whom to contact or where to look for security related information about a …
John Leyden, 3 Jan 2018

Most vulnerabilities first blabbed about online or on the dark web

More than three-quarters of vulnerabilities are publicly reported online before National Vulnerability Database publication. News sites, blogs and social media pages as well as more remote areas of the web including the dark web, paste sites, and criminal forums first published bugs more often than NIST's centralised National …
John Leyden, 8 Jun 2017

'Crazy bad' bug in Microsoft's Windows malware scanner can be used to install malware

Miscreants can turn the tables on Microsoft and use its own antivirus engine against Windows users – by abusing it to install malware on vulnerable machines. A particularly nasty security flaw exists in Redmond's anti-malware software, which is packaged and marketed in various forms: Windows Defender, Windows Intune Endpoint …
Iain Thomson, 9 May 2017

LastPass scrambles to fix another major flaw – once again spotted by Google's bugfinders

For most of us, Saturday morning is a time for a lie in, a leisurely brunch, or maybe taking the kids to the park. But for some it's bug-hunting time. Tavis Ormandy, a member of Google's crack Project Zero security team, was in the shower and thinking about LastPass – after finding a number of flaws in the password manager …
Iain Thomson, 27 Mar 2017

Yahoo! boo! hoo! hoo!: Verizon! hits! brakes! on! $4.8bn! biz! gobble!

Yahoo!'s sale to Verizon has been delayed, following revelations last year of historical data security breaches. News of the deferral of the $4.8bn Verizon deal came as Yahoo! released its Q4 earnings results on Monday. "Yahoo! had previously stated that it expected to close the transaction in Q1," it said. "However, given …
John Leyden, 24 Jan 2017

Automattic says spooks asked for something it can't reveal

Automattic, the company behind content management and blogging platform WordPress, has complained that it can't reveal the full extent of state intelligence agencies' requests to probe users' accounts. The company's new National Security report reports that the company's recorded zero “national security requests” in 2015's …
Simon Sharwood, 28 Jul 2015

Google cuts Microsoft and pals some slack in zero-day vuln crusade – an extra 14 days tops

Google has adjusted the terms of its controversial Project Zero vulnerability scouting effort, loosening its 90-day disclosure policy somewhat to give companies a better chance of fixing their security bugs before they become public knowledge. Among the changes, Google says it will no longer disclose bugs on weekends and …
Neil McAllister, 14 Feb 2015

Spy platform zero day exposes cops' wiretapped calls

National security boosters have just taken a kick to the ego, with revelations that hackers can access exactly the kind of wiretap kit they believe should be deployed in every ISP and telco around the world. The zero-day that's turned up in kit from New Jersey outfit NICE would give attackers access to wiretapped voice …
Darren Pauli, 29 May 2014

SEC mulls how to save markets from hackers: How about a crack team...of advisers?

The Securities and Exchange Commission (SEC) invited security and finance experts to Washington yesterday to discuss cybersecurity issues and whether companies and stock markets should be required to immediately disclose attacks and invest in protecting their systems. SEC commissioner Luis Aguilar said that the agency needed …

Kim Dotcom extradition: Feds can keep evidence against Megaupload mastermind a surprise

Megaupload founder Kim Dotcom has suffered another setback in his fight against extradition to America to face piracy charges, as the New Zealand Supreme Court denied his appeal to access the evidence the US feds have on him. The top court decided [PDF] that Uncle Sam's prosecutors are not required to disclose the evidence …

Zuckerberg IN COURT: Judge rules Facebook investors CAN sue for IPO non-disclosures

A US judge has decided that Facebook, Mark Zuckerberg and a bunch of banks will face a lawsuit accusing them of misleading investors about its $16bn initial public offering. District Judge Robert Sweet in Manhattan said that investors should be allowed to pursue their claims that Facebook and the banks running its IPO were …

Judge orders probe over Samsung execs viewing secret Apple docs

Samsung's patent battles with Apple have taken an unexpected turn: the Korean conglomerate has been ordered to cough up email records and witnesses so that the court can determine if its lawyers have been playing fast and loose with confidentiality. According to a court filing on Wednesday, Apple disclosed a number of patent …
Iain Thomson, 3 Oct 2013
The Register breaking news

Top beak: Ignorant lawyers fumble electronic evidence

Lawyers and judges must be properly trained on how best to examine electronic documents and email evidence or risk wasting vast sums of money in legal costs, a senior judge has warned. Lord Justice Jackson, author of last year's in-depth report on legal costs in civil litigation, told a construction disputes conference in a …
OUT-LAW.COM, 2 Dec 2011

Microsoft imposes security disclosure policy on all workers

Microsoft has implemented a new company policy requiring all employees to follow a detailed set of procedures when reporting security vulnerabilities in third-party products. The practices are an evolution of the coordinated vulnerability disclosure doctrine it proposed in July. They're intended to simplify communication among …
Dan Goodin, 19 Apr 2011

Vodafone Aus off the hook, kind of

The Australian Privacy Commissioner has delivered a 50-50 verdict in his report on breaches of customer privacy in Vodafone’s computer system. On the one hand, the allegation that data on “four million Vodafone customers including their billing and call records were uploaded onto a publicly accessible website” has been found …

German hacker-tool law snares...no-one

On August 10, 2007, a new section of the German Penal code went into effect. The statute, intended to implement certain provisions of the Council of Europe Treaty on Cybercrime, could be interpreted to make the creation or distribution of computer security software a criminal offense. In the wake of the statute, numerous …
Mark Rasch, 7 Jun 2009

UK data breach costs swell

Updated The cost of data breaches for UK firms has risen from an average of £47 per record in 2007 to £60 ($86) in 2008, according to a new survey. But figures from a Ponemon Institute study, sponsored by PGP, are orders of magnitude higher than losses booked following the infamous TJX security breach, raising questions over how much …
John Leyden, 4 Feb 2009

Biting the hand that feeds IT © 1998–2018