The concept of a bug bounty program is nothing new, and even Facebook will line your pockets with cash if you discover a qualifying security vulnerability in the social network or select acquisitions it's made. Until now, however Oculus Rift was exempt. Facebook has now extended its bug bounty program to Oculus Rift, which joins other Facebook acquisitions such as Instagram, Parse, Onavo, and Moves.
Just when you thought that BSODs were a thing of the past
After installing Microsoft's August 2014 Patch Tuesday updates, you may have noticed some wonky behavior in Windows. If you're especially unluckly, you may have even been experiencing those dreaded Blue Screen of Death errors that have largely been eradicated in recent years. It turns out there's some potentially buggy code that could cause BSODs after installing the updates, which prompted Microsoft to pull the patch offline while it investigates the issue.
A hacker attack believed to have originated in China resulted in the theft of personal details of 4.5 million patients of Community Health Systems Inc, one of the largest hospital groups in the nation. Cyber thieves made off with a treasure trove of personal details, including patient names, addresses, birth dates, telephone numbers, and social security numbers, or pretty much all the necessary info to steal someone's identity.
Well now, this is disturbing -- it's being reported that a Russian crime ring is in possession of around 1.2 billion stolen Internet credentials, which is the biggest collection of its kind. That includes user names and password combinations, along with more than 500 million email addresses collected from 420,000 websites. With that in mind, now might be a good time to change up your passwords for your more important accounts.
Oh great, as if it wasn't bothersome enough knowing that all our online communications are susceptible to government spying with very little we can do about it, now we've come to find out that just by having a USB port, there exists a pretty serious security risk every time we plug in a compatible peripheral. The problem is that virtually any of the millions of USB devices out there can be reprogrammed for malicious purposes, and there doesn't appear to be much we can do about it.
An effort is currently underway to switch Google Chrome over to BoringSSL, an OpenSSL fork the search engine giant announced last month. Weaning the world’s most popular browser off of the two cryptographic software libraries it currently uses (OpenSSL on Android and Mozilla NSS on all other platforms) is proving somewhat difficult at this early stage, though.
Country came close to outlawing anonymizing software last year
The Russian Ministry of Internal Affairs (MVD) recently floated a tender inviting bids for help with “obtaining technical information” about users of Tor, the increasingly popular anonymizing network. Bidding ends on August 13, 2014 and the ministry hopes to announce the winner of the 3.9 million ruble contract ($111,000) a week later on August 20.
Perhaps one day you won't need a password to log into your accounts
Everyone knows you're not supposed to use the same password for multiple websites and services. If you follow that advice right down to the letter, then you're juggling numerous passwords, depending on how many banking sites, forums, auction portals, and everything else you're signed up for. It's a pain, and perhaps an unnecessary one -- device-based authentication could render passwords a thing of the past.
Over 86 percent of all Android devices remain vulnerable
The flagrant fragmentation that has come to be associated with Android is once again in focus, with IBM Security researchers shedding light on a major vulnerability (CVE-2014-3100) affecting the all-important Android KeyStore service, which is used for storing cryptographic keys and other sensitive credentials. Although the said vulnerability has been fixed in the latest version of the operating system (Android Kitkat 4.4), the problem is that the vast majority of Android users don’t have the latest version.
iPhone thefts are down as a result of kill switch technology in iOS 7
One of the debates in the mobile phone industry is whether or not so-called kill switches can actually reduce smartphone theft. Well, early indications suggest that they do. Authorities in New York and San Francisco -- two locations where smartphone theft is a growing epidemic -- say they've seen a drop in iPhone robberies since Apple implemented its Activation Lock feature in iOS 7.