Tag Archive for: expose

UIDAI Invites 20 Top Hackers To Expose Loopholes In Aadhaar’s System


UIDAI has called for empanelment of 20 top white hat hackers to expose any vulnerabilities in its Central Identities Data Repository

In its endeavour to secure Aadhaar data hosted in UIDAI’s CIDR, the UIDAI intends to conduct a ‘Bug Bounty’ program along with responsible disclosure of vulnerabilities, a circular said

The selected candidates will sign non-disclosure agreements with the UIDAI to avoid any breach of sensitive information acquired during the process

The Unique Identification Authority of India (UIDAI) has announced a ‘Bug Bounty’ programme to identify vulnerabilities in Aadhaar’s data security system.

In a circular, the government arm called for empanelment of 20 top white hat hackers to expose any vulnerabilities in its Central Identities Data Repository (CIDR). 

“In its endeavour to secure Aadhaar data hosted in UIDAI’s CIDR, UIDAI intends to conduct a ‘Bug Bounty’ program along with responsible disclosure of vulnerabilities,” the circular said.

Such initiatives are common, and large multinational companies offer monetary compensation in return for hackers exposing any vulnerabilities in a system. These initiatives enable companies to plug any loopholes before a malicious actor exploits the weakness.

The circular, which was issued on July 13, did not mention any financial remuneration in return for the services.

Elaborating on the eligibility criteria, the UIDAI said that the candidates listed among the top 100 bug bounty leaders on websites such as HackerOne and Bugcrowd would be allowed to participate in the event. Additionally, candidates listed in the bounty programmes conducted by companies such as Microsoft, Google, Facebook and Apple can also participate in the event. 

Apart from that, applicants who have submitted valid bugs or received bounty in the last one year will also be eligible to participate in the initiative. 

The UIDAI has capped the number of participants at 20 to report on the vulnerabilities plaguing the system. The body will form a panel to evaluate the applicants and verify the candidate credentials, and select the candidates accordingly.

The selected candidates will sign non-disclosure agreements…


Parental-control apps could expose your kids’ private data — here are the bad apples


Are child-monitoring apps taking advantage of parents’ concern for their kids? According to a new report from the Cybernews research team, some are. Android parental-control apps with over 85 million installations could be taking it way too far with how they track kids and collect data from them.

On top of that, the investigation discovered that four in 10 popular child-monitoring apps feature malicious links. What’s worse is that none of the apps received a high privacy grade. Parents should watch their own backs, too; they’re also being tracked and followed.

The child-monitoring apps that are tracking parents, too


The teenage hackers paid millions to expose corporations’ weak spots


The 19-year-old sat at his desk, eyes hooked on the screen. Displayed on it was a corporate-looking website. At a casual glance it was just another nondescript web page, perhaps a little sparser than the colourful social media platforms he might be expected to browse.

But the American teenager had in fact gained access to the TAT-14 submarine telecommunications cable system. In operation until December 2020, the vital global commerce conduit stretched for more than 9,500 miles between France, Germany, Denmark, the Netherlands, Britain and the US.

“I came across this one web server. And the title was super interesting. So I wanted to see if I could hack it,” says Corben Leo.

His method was shockingly simple: Leo navigated to a very specific web address and refreshed the page twice. Thanks to a hitherto undetected flaw, the website treated his computer as if he had logged in with an administrator account.

It gave him the same level of control as the owners of TAT-14, resting his fingers on the artery of transatlantic trade in March 2019. And nobody knew he was there.

Leo’s hack is just one example from a global community of bug bounty researchers: ethical hackers who investigate companies’ web servers for security flaws – bugs – and then reveal their findings to the owners, usually in return for payment.

“I could add admin access to all of their accounts. I could manage them, I had access to all of the internal cable documentation,” says Leo. “Everything that had to do with the inner workings of the cable, how the cable was physically structured, their maintenance periods.”

Not yet old enough to even buy a beer at the time, he could have triggered stock market crashes, disrupted governments or sparked accusations of international espionage.

Instead, he says, “I reported it to the telecommunication company as part of their security programme.

“I didn’t try to do too much because it was an undersea cable. I was fearful of getting thrown at a CIA black site!”

A lucrative pastime

For the most highly skilled hackers, bug bounties can be a lucrative pastime. Leo, now aged 22, claims he has earned “close to a million dollars” from his research efforts. As a…


Trump says Durham’s probe will expose ‘the crime of the century’


Donald Trump claims Special Counsel John Durham’s probe into the former president’s ties to Russia revealed the alleged spying by Hillary Clinton’s campaign was ‘treason at the highest level.’

‘It looks like this is just the beginning, because, if you read the filing and have any understanding of what took place – and I called this a long time ago – you’re going to see a lot of other things happening, having to do with what, really, just is a continuation of the crime of the century,’ Trump said in an exclusive interview with Fox News on Tuesday. 

‘This is such a big event, nobody’s seen anything like this.’

The former president claimed he ‘didn’t have any’ insight into the allegations outlined in Durham’s February 11 court filing until it was made public, but noted that the Department of Justice official found ‘things far bigger than anybody thought possible.’

Durham alleged that Clinton’s presidential campaign paid to ‘infiltrate’ and exploit servers at Trump Tower, Trump’s Central Park West apartment, a ‘particular health care provider’ and the White House to ‘establish an inference and narrative’ that would tie Trump to Russia. 

The filing also accused Clinton campaign lawyer Michael Sussmann of bringing Trump-Russia allegations that ‘relied, in part’ on traffic assembled by the servers to the Federal Bureau of Investigation (FBI) and the Central Intelligence Agency (CIA). 

Durham was appointed in 2019 by then-Attorney General William Barr to investigate possible misconduct within the U.S. government as it investigated Russian interference in the 2016 presidential election and any ties to the Trump campaign. 

Donald Trump (pictured in January 2022) claims Special Counsel John Durham’s probe into the former president’s ties to Russia revealed the alleged spying by Hillary Clinton’s campaign was ‘treason at the highest level’

In a section of the filing titled Factual Background, Durham argued those involved with the infiltration of the servers were ‘mining traffic and other data for the purpose of gathering derogatory information about Donald Trump.’

The former president – who alleged ‘people were suspicious that something was going on’ during the 2016…
