Tag Archive for: goof

Hacking hotels, Google’s AI goof, and cyberflashing • Graham Cluley


Smashing Security podcast #365: Hacking hotels, Google’s AI goof, and cyberflashing

Security researchers find a way to unlock millions of hotel rooms, the UK introduces cyberflashing laws, and Google’s AI search pushes malware and scams.

All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by T-Minus’s Maria Varmazis.

Warning: This podcast may contain nuts, adult themes, and rude language.

Hosts:

Graham Cluley – @gcluley
Carole Theriault – @caroletheriault

Guest:

Maria Varmazis – mstdn.social/@varmazis

Sponsored by:

  • Kiteworks – Step into the future of secure managed file transfer with Kiteworks.
  • Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 20% off!
  • Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!

Support the show:

You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

Follow us:

Follow the show on Twitter at @SmashinSecurity, or on Mastodon, on the Smashing Security subreddit, or visit our website for more episodes.

Thanks:

Theme tune: “Vinyl Memories” by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.


The autofill email goof that exposed vulnerable students and cost the University of East Anglia £140,000

“Please delete the email we just sent you without opening or reading…”

Yeah, like that’s going to work…

Graham Cluley

Cut-and-paste goof reveals HackerOne session cookie, and earns bug hunter $20,000

Vulnerability-reporting platform HackerOne has paid out a US $20,000 bounty after a researcher discovered he was able to access some other users’ bug reports on HackerOne’s website.

Graham Cluley

Facebook privacy goof makes posts by 14 million users readable to anyone

Facebook disclosed a new privacy blunder on Thursday in a statement that said the site accidentally made the posts of 14 million users public even when they designated the posts to be shared with only a limited number of contacts.

The mixup was the result of a bug that automatically suggested posts be set to public, meaning the posts could be viewed by anyone, including people not logged on to Facebook. As a result, from May 18 to May 27, posts from as many as 14 million users who intended them to be available only to select individuals were, in fact, accessible to anyone on the Internet.

“We have fixed this issue, and, starting today, we are letting everyone affected know and asking them to review any posts they made during that time,” Facebook Chief Privacy Officer Erin Egan said in the statement. “To be clear, this bug did not impact anything people had posted before–and they could still choose their audience just as they always have. We’d like to apologize for this mistake.”


Biz & IT – Ars Technica