Tag Archive for: bugs

Department of Defense Forks Over $110K to Hackers Who Discovered 349 Bugs


The US Department of Defense (DoD) has paid out $110,000 in bounties and bonuses to ethical hackers who discovered 349 “actionable” vulnerabilities on its networks.

As The Record reports, the vulnerabilities were discovered at a week-long “Hack U.S.” event held in July through a partnership with HackerOne. It tasked so-called white hat (ethical) hackers with finding “High” and “Critical” severity vulnerabilities on any publicly accessible information systems, including web property or data owned, operated, or controlled by the DoD.

In total, 349 actionable vulnerabilities were discovered, leading to the DoD paying out $75,000 in bounties. A further $35,000 was paid out in bonuses and awards.

Melissa Vice, the Vulnerability Disclosure Program director, said in a statement, “in just seven days, Hack U.S. ethical hackers submitted 648 reports, including numerous which would be considered critical had they not been identified and remediated during this bug bounty challenge … This bounty challenge shows the extra value we can earn by leveraging their subject matter expertise in an incentivized manner.”

Hack U.S. is just the latest successful bug bounty program run to discover vulnerabilities and make the US government’s networks more secure. It all started back in 2016 with the launch of a “Hack the Pentagon” program, which discovered 138 problems.


Katie Olson Savage, deputy chief digital and artificial intelligence officer and Defense Digital Service director, said “this crowd-sourced security approach is a key step to identifying and closing potential gaps in our attack surface.” We should therefore expect another DoD bug bounty to run in 2023.


SpaceX says researchers are welcome to hack Starlink and can be paid up to $25,000 for finding bugs in the network



  • Elon Musk’s SpaceX said it encourages researchers to hack Starlink in a non-disruptive way.

  • If researchers submit findings through SpaceX’s bug bounty program, they could be paid up to $25,000.

  • One researcher recently said he hacked into Starlink using a $25 homemade device.

SpaceX says responsible researchers are welcome to hack into its satellite internet network, Starlink. It added that it could pay them up to $25,000 for discovering certain bugs in the service.

The announcement came after security researcher Lennert Wouters said last week he was able to hack into Starlink using a $25 homemade device. He said he performed the test as part of SpaceX’s bug bounty program, where researchers submit findings of potential vulnerabilities in Starlink’s network.

In a six-page document entitled “Starlink welcomes security researchers (bring on the bugs),” SpaceX congratulated Wouters on his research.

“We find the attack to be technically impressive, and is the first attack of its kind that we are aware of in our system,” SpaceX said in the document. Wouters’ hack involving a homemade circuit board shouldn’t worry any Starlink users and won’t directly affect the satellites, SpaceX added.

The company’s own engineers are always trying to hack Starlink to improve the service and make it more secure, SpaceX said in the document. It welcomed any security researchers who wanted to help secure Starlink, saying they should consider joining the team or contributing their findings to the company’s bug bounty program.

“We allow responsible security researchers to do their own testing, and we provide monetary rewards when they find and report vulnerabilities,” SpaceX said in the document.

On SpaceX’s bug bounty website, it says researchers who carry out non-disruptive tests on Starlink, report the findings, and discover vulnerabilities within scope can be rewarded between $100 and $25,000.

The site lists 32 researchers who SpaceX said reported important security issues in Starlink. It also says the average payout in the last three months was $973.

Testing that disrupts the service for…



Finding Bugs Faster Than Hackers – USC Viterbi



Malware, viruses, spyware, bots and more! Hackers have many tools at their disposal to ruin your day through your vulnerable technology. As we become increasingly dependent on internet-driven products (e.g., phone, computer, smart home), and everything from toasters to toothbrushes can be connected to the internet, we must be ever vigilant against malicious attacks.

Preventing such attacks is the goal of a group of researchers in the Binary Analysis and Systems Security (BASS) group at USC Viterbi’s Information Sciences Institute (ISI). They will be presenting their new paper, written in collaboration with Arizona State University, at the upcoming 35th Annual USENIX Security Symposium, one of the premier conferences in the cybersecurity space, held August 10-12 in Boston, Mass. 

“This paper is about vulnerability discovery, which is finding security bugs in software that attackers or hackers could exploit to get control of remote systems, leak information, or any number of bad things,” said co-author and co-advisor Christophe Hauser, a research computer scientist at ISI and research lead. 

Co-author Nicolaas Weideman adds that, in particular, it’s about automated vulnerability discovery. “Because computer programs are so large and complicated these days, we’d like to automatically detect these vulnerabilities instead of having a human expert analyzing the program to find them.” 

Searching for bugs in the zeros and ones 

The paper proposes a novel technique for automated vulnerability discovery at the binary level. Hauser explains, “One of the specificities of this research is that we analyzed software not at the source code level, but we actually analyzed it at the binary level, the executable code. These are instructions that talk directly to the machine, they’re not instructions meant for humans to understand.” 

Current state-of-the-art binary program analysis approaches are limited by inherent trade-offs between accuracy and scalability. Static vulnerability detection techniques – the analysis of a program without actually running it – are limited in how accurate they can be. While dynamic vulnerability detection…
