Tag Archive for: finding

SpaceX says researchers are welcome to hack Starlink and can be paid up to $25,000 for finding bugs in the network

/in


SpaceX Starlink internet terminal next to CEO Elon Musk.

Elon Musk’s SpaceX is encouraging security researchers to hack Starlink in a non-disruptive way.Getty Images

  • Elon Musk’s SpaceX said it encourages researchers to hack Starlink in a non-disruptive way.

  • If researchers submit findings through SpaceX’s bug bounty program, they could be paid up to $25,000.

  • One researcher recently said he hacked into Starlink using a $25 homemade device.

SpaceX says responsible researchers are welcome to hack into its satellite internet network, Starlink. It added that it could pay them up to $25,000 for discovering certain bugs in the service.

The announcement came after security researcher Lennert Wouters said last week he was able to hack into Starlink using a $25 homemade device. He said he performed the test as part of SpaceX’s bug bounty program, where researchers submit findings of potential vulnerabilities in Starlink’s network.

In a six-page document entitled “Starlink welcomes security researchers (bring on the bugs),” SpaceX congratulated Wouters on his research.

“We find the attack to be technically impressive, and is the first attack of its kind that we are aware of in our system,” SpaceX said in the document. Wouters’ hack involving a homemade circuit board shouldn’t worry any Starlink users and won’t directly affect the satellites, SpaceX added.

The company’s own engineers are always trying to hack Starlink to improve the service and make it more secure, SpaceX said in the document. It welcomed any security researchers who wanted to help secure Starlink, saying they should consider joining the team or contributing their findings to the company’s bug bounty program.

“We allow responsible security researchers to do their own testing, and we provide monetary rewards when they find and report vulnerabilities,” SpaceX said in the document.

On SpaceX’s bug bounty website, it says researchers who carry out non-disruptive tests on Starlink, report the findings, and discover vulnerabilities within scope can be rewarded between $100 and $25,000.

The site lists 32 researchers who SpaceX said reported important security issues in Starlink. It also says the average payout in the last three months was $973.

Testing that disrupts the service for…

Source…

Finding Bugs Faster Than Hackers – USC Viterbi

/in


binary code with an error

Photo credit: andriano_cz/Getty Images

Malware, viruses, spyware, bots and more! Hackers have many tools at their disposal to ruin your day through your vulnerable technology. As we become increasingly dependent on internet-driven products (ie, phone, computer, smart home), and everything from toasters to toothbrushes can be connected to the internet, we must be ever vigilant against malicious attacks. 

Preventing such attacks is the goal of a group of researchers in the Binary Analysis and Systems Security (BASS) group at USC Viterbi’s Information Sciences Institute (ISI). They will be presenting their new paper, written in collaboration with Arizona State University, at the upcoming 35th Annual USENIX Security Symposium, one of the premier conferences in the cybersecurity space, held August 10-12 in Boston, Mass. 

“This paper is about vulnerability discovery, which is finding security bugs in software that attackers or hackers could exploit to get control of remote systems, leak information, or any number of bad things,” said co-author and co-advisor Christophe Hauser, a research computer scientist at ISI and research lead. 

Co-author Nicolaas Weideman adds that, in particular, it’s about automated vulnerability discovery. “Because computer programs are so large and complicated these days, we’d like to automatically detect these vulnerabilities instead of having a human expert analyzing the program to find them.” 

Searching for bugs in the zeros and ones 

The paper proposes a novel technique for automated vulnerability discovery at the binary level. Hauser explains, “One of the specificities of this research is that we analyzed software not at the source code level, but we actually analyzed it at the binary level, the executable code. These are instructions that talk directly to the machine, they’re not instructions meant for humans to understand.” 

Current state-of-the-art binary program analysis approaches are limited by inherent trade-offs between accuracy and scalability. Static vulnerability detection techniques – the analysis of a program without actually running it – are limited in how accurate they can be. While dynamic vulnerability detection…

Source…

Man shares tip for finding out who sold your email address

/in


(Getty Images/iStockphoto)

(Getty Images/iStockphoto)

A LinkedIn user and business owner has revealed a tip for discovering who may have sold your email address to marketers.

In a LinkedIn post, Sam Jones shared his life hack, as he expressed why people should include a website’s name as their “middle name” when signing up for something online.

“Top tip: When you sign up for anything online, put the website name as your middle name,” he wrote. “That way when you receive spam emails, you will know who sold your info. I share this every year, but it’s always worth repeating.”

According to his LinkedIn Profile, Jones is the founder of Genr8 Ads, a software development company that works with other companies to provide media for “anticipated audiences”, offer insight about customers’ habits, and promotes brands in order to “drive action”.

Previously, Jones was also a global advertising specialist and global brand manager for Red Bull in Austria.

As of 15 June, Jones’ post has more than 8,300 reactions and over 200 comments, as fellow LinkedIn users praised him for sharing this email tip.

“That works all the time,” one wrote, while another said: “Genius!! Love it lol.”

A third user added: Brilliant hack… I never thought about this though…”

Other people noted how they could still end up getting spam emails and asked what to do next, after discovering which websites had stolen their email addresses.

“And then what – Can you sue?” one asked, while another wrote: “I see. But with this practice I would still receive the same number of spam emails for the extra effort. What to do after finding who’s selling my info?”

Some LinkedIn members questioned the security of the internet today and claimed that regardless of if this hack works or not, some websites can still sell people’s email addresses.

“I think every website/app sells your info. No need for such hard work,” one wrote. “ Anyways, we can’t do anything as we all checked that terms and conditions box.”

Source…

Family of Security Guard Shot in Oakland Speaks Out, Asks Public for Help in Finding Suspect – NBC Bay Area

/in


The family of the private security guard who died after being shot while on assignment in Oakland last week spoke out Friday, asking the public’s help in seeking the person responsible.

“We’ve heard so far that there were people doing video with their cell phones .. and we’d like them,” said wife Virginia Nishita. “I beg you, please come forward.”

Kevin’s wife said she was stunned Kevin was shot in an attempted armed robbery of a news crew in downtown Oakland on Nov. 24 and died days later. But not surprised her husband put himself in jeopardy for the sake of others.

“That was his personality, to be that protector, to be that brave one,” she said. “He just wanted to protect people. Not just his family but others as well.”

Still the senseless nature of the crime has left the family heartbroken and demanding answers.

“We just need the closure. We don’t like this open, not knowing how someone we loved passed away. We just need to know and have peace,” and said Kevin’s daughter Maureen Campos.

Kevin was employed by Star Protection Agency California and working with a KRON4 reporter at the time of the shooting.

“He didn’t deserve this. He was retired,” said Kevin’s son Enrique Nishita. “He just looking to stay busy, we just wish he could come home.”

The family says it is still working on memorial services and they take some satisfaction in hearing Oakland is now taking action including a plan to hire more police officers.

“This is justice for Kevin. He was a security guard, and he was out there to protect the newscast … and we need justice for him,” said Virginia.

A reward of $32,500 is being offered to anyone with information that may lead to an arrest.

Kevin Nishita, a security guard protecting a news crew died days following a gunfire battle. Former coworkers and friends remember him and mourn his passing. Sergio Quintana reports.

Source…