Articles about security researchers


How much is a security bug report worth to Facebook? About $2,100

Facebook wasn't the first to offer security researchers bounties for reporting vulnerabilities – but the social network reports it paid out $1.5m in 2013 for bug reports, and says it is increasing the amount of cash on offer in the coming year. According to the advertising giant, it received 14,763 reports of suspected flaws …
Iain Thomson, 3 Apr 2014
The Register breaking news

The Boston Trio and the MBTA

The annual DEFCON conference in Las Vegas in early August got a bit more interesting than usual when three graduate students from the Massachusetts Institute of Technology were enjoined from giving a presentation by a court in Boston. The three - Zach Anderson, RJ Ryan and Alessandro Chiesa - intended to present both a paper …
Mark Rasch, 26 Sep 2008

Carpetbomb bug tarnishes Google Chrome

Google Chrome isn't officially out yet, but security researchers have already picked the browser apart to discover a security vulnerability. The WebKit engine used inside Chrome leaves it vulnerable to the infamous Safari carpetbombing flaw, security researcher Aviv Raff warns. The flaw stems from a combination of a …
John Leyden, 3 Sep 2008

Nokia admits major Series 40 security problems

Nokia has admitted that the security flaws exposed by Adam Gowdiak of Security Explorations are genuine, and that a miscreant exploiting them could do whatever they like to a Series 40 phone just by knowing the phone number. Gowdiak posted some details earlier this month, with claims that by exploiting the flaws he could …
Bill Ray, 21 Aug 2008

How poor crypto housekeeping left OpenID open to abuse

Slipshod cryptographic housekeeping left some OpenID services far less secure than they ought to be. OpenID is a shared identity service that enables users to eliminate the need for punters to create separate IDs and logins for websites that support the service. A growing number of around 9,000 websites support the …
John Leyden, 13 Aug 2008

Crimeware grifters scamming naive phishers

Phishing exploitation kits can be picked up for free on the internet but these packages are regularly backdoored, according to a new study. Security researchers at the University of California, Santa Barbara, have confirmed that inexperienced phishers are in effect doing the legwork for more wily grifters. Many phishing kits …
John Leyden, 7 Aug 2008

Tardy Apple finally releases DNS patch

Apple has finally gotten around to defending against a high-profile Domain Name System flaw, days after security researchers called it out for dragging its heels on releasing a patch. The Mac OS X security update issued by Apple on Thursday defends against the infamous DNS poisoning issue, discovered by security researcher Dan …
John Leyden, 1 Aug 2008

Threat remains despite Safari carpet bombing fix

Apple finally fixed a "carpet bombing" flaw in the Windows version of its Safari web browser, but security researchers warn that the consumer electronics giant's patch only provides partial relief from bugs involving the interaction of Safari and other browser packages. A flaw that meant Safari automatically downloaded …
John Leyden, 23 Jun 2008

Hidden messages buried in VoIP chatter

Polish researchers have revealed the many ways you can hide messages within the bit stream of VoIP phone calls. If secret policemen didn't like Skype and its IP telephony cousins before, they'll really hate it now. Burying hidden messages in internet phone calls represents the latest evolution of steganography. Steganographic …
John Leyden, 3 Jun 2008

Google's Lemon squeezes out web app bugs

Google is developing an automated tool for finding common web application vulnerabilities. The tool, dubbed Lemon, is still in development by the ad-brokering giant's security researchers but is already being used internally. It's unclear whether or not Google will release the vulnerability testing tool more generally. Free …
John Leyden, 18 Jul 2007

A serious browser vulnerability, but whose?

A serious vulnerability that causes Internet Explorer to launch Firefox and execute a malicious payload is sparking debate about exactly who is responsible for the flaw. The vulnerability, which was widely reported on security blogs, allows an attacker to remotely execute malicious code on a machine that is running IE but also …
Dan Goodin, 11 Jul 2007

Eighties throwback worm spreads via memory sticks

Miscreants have created a strain of malware which uses memory sticks as a vector for infection. The SillyFD-AA worm spreads by copying itself from infected machines onto removable drives such as USB memory sticks before automatically running when the device is next connected to a computer. The malware, which is also capable …
John Leyden, 8 May 2007

Bug brace menaces Adobe Photoshop

Security researchers are warning of a brace of unpatched flaws in Adobe Photoshop that allow hackers to gain control of vulnerable PCs. The first vulnerability – which affects Adobe Photoshop CS2, Adobe Photoshop CS3, and Adobe Photoshop Elements 5.x – leaves users open to attack if they open malformed PNG graphics files. …
John Leyden, 1 May 2007

My RFID-embedded car numberplate has a virus

Spyware - malicious programs that covertly track surfing habits or steal confidential data - are likely to migrate onto new platforms, including mobile phones and RFID chips. The scenario is sketched out in the second issue of McAfee's twice annual Global Threat Report. RFID chips, which began life as a replacement for bar …
John Leyden, 11 Apr 2007

Exploit for latest Windows vuln already animated

A vulnerability in the way Windows handles animated cursors puts users at risk of being pwnd, and several nefarious websites are already trying to exploit the flaw, according to the SANS Internet Storm Center. The flaw is present on virtually the entire line of Windows OSes, including Vista, which has been held up as Redmond's …
Dan Goodin, 30 Mar 2007

Mozilla: security researchers have too much power

Mozilla's security chief has stepped into the debate about the disclosure of security bugs by saying that software developers are at the mercy of bug hunters. Mozilla security chief Window Snyder called on security researchers to follow responsible disclosure guidelines, giving vendors a reasonable amount of time to fix bugs …
John Leyden, 26 Mar 2007

IE7 phishing bug nets concern

Security researchers have discovered a vulnerability in Internet Explorer 7.0 that might lend itself towards the creation of more convincing phishing attacks. The cross-site scripting (XSS) bug creates a means to replace a local page displaying a "Navigation to the webpage was canceled" message with a "Refresh the page" link. " …
John Leyden, 19 Mar 2007

Month of PHP bugs project launches

Security researchers have begun a month-long project to highlight security flaws in PHP, the popular scripting language. The "Month of PHP Bugs", which began last Thursday, promises a bug a day for the month of March from the folks behind the Hardened-PHP Project. Unlike the earlier Month of Browser Bugs and Month of Apple …
John Leyden, 5 Mar 2007
