In case you haven’t been online much this week, here’s what you’ve missed.
One very interesting story is that of Palestinian security researcher Khalil Shreateh, who reported a critical vulnerability to Facebook.
His initial reports were ignored by the social platform because they didn’t contain enough details of the flaw. The expert decided to attract the company’s attention by demonstrating the effects of the bug directly on the timeline of Mark Zuckerberg, Facebook’s founder.
The story sparked a lot of controversy in the IT security industry. Some sided with Facebook, arguing that the researcher should have played by the book, while others said he should have been rewarded, despite the unorthodox reporting method.
After failing to convince Facebook to change its decision, other security experts raised some money to reward the Palestinian.
Another controversial security bug reporting case comes from South Africa. The City of Johannesburg was forced to shut down its e-Services because of a vulnerability that exposed the financial details of citizens.
The security hole was identified by a CTO who immediately reported the issue to the city. However, he didn’t get any response.
Now, according to a statement posted on its website, the City of Johannesburg plans to sue the man for illegally accessing sensitive information.
Another interesting story was sparked by a statement made by the FBI regarding the Anonymous movement. One of the agency’s representatives claimed that the hackers were no longer a serious threat after the arrests of the LulzSec hacktivists.
In response, Anonymous hackers leaked some data allegedly obtained from FBI servers. Later, they published a file allegedly containing the details of all US Federal Reserve employees.
The Fed says it’s investigating the incident, but at first sight the data appears to come from the February hack.
Just days before the FBI made the controversial statement, Anonymous hackers breached and defaced a UK government website and posted data belonging to US government employees.
The attack came in response to the detention by UK authorities of David Miranda, the partner of Glenn Greenwald, the journalist who has been publishing the documents stolen by Edward Snowden from the NSA.
As far as hacktivists are concerned, on Friday we learned that Hector Monsegur, aka LulzSec hacker Sabu, will not be sentenced at least until October. His sentencing has once again been delayed, presumably because the US government still needs his services.
Here are some other stories worth reading:
Syrian Electronic Army hacks GoDaddy account and email addresses of ShareThis
DDOS component found in Orbit Downloader
Nasdaq suffers outage. Experts say it could be the work of hackers
Another Turkish government website hacked by RedHack
Twitter denies that any user accounts have been compromised
League of Legends hacked
English Defence League website hacked once again
Al-Qaida websites disrupted by DDOS attacks