Eileen Yu reports: A culmination of bad system management and undertrained IT staff, amongst other gaps, had resulted in Singapore’s most severe cybersecurity breach last July, according to the committee formed to review the events leading up to the SingHealth incident. […] The 454-page report published today outlined 16 recommendations the committee said were made…
Category: Commentaries and Analyses
Shutdown delays TSA data-security efforts
Adam Mazmanian reports: The Transportation Security Administration is looking to consolidate contracts and streamline technology in the system used to protect key elements of the air travel infrastructure from terrorist infiltration. But the ongoing shutdown is preventing TSA from moving ahead with a planned $230 million procurement. TSA’s Technology Procurement Division was scheduled to host…
thedarkoverlord experiments with its approach to amassing BTC
I’ve probably reported more on the blackhats known as thedarkoverlord (TDO) than other journalists, and I’ve probably spent more time chatting with them about their work than any other journalist. But despite my considerable investment of time, there are times when I simply do not understand why they are doing what they are doing. As…
Growing Pains: As HackerOne has grown, is it harming what it intended to help? Part 2.
This is Part 2. Part 1 can be found here. HackerOne’s Managed Triage From what I understand of HackerOne’s managed triage, “Finders” (researchers) submit their findings to HackerOne, whose triagers/analysts review the submissions before the program it is written for ever sees anything. There is a clear potential for conflict and corruption in the system…
Growing Pains: As HackerOne has grown, is it harming what it intended to help? Part 1.
This is Part 1. Part 2 can be found here. In November, Catalin Cimpanu reported that Russian researcher, Sergey Zelenyuk, had publicly disclosed a VirtualBox 0day instead of first disclosing the problem to Oracle or working through a bug bounty platform. Curious to see what Zelenyuk’s justification for his actions would be, I found that…
When can the feds hack into your computer? Case involving scam targeting Wegmans could decide.
Phil Fairbanks reports: When the FBI uncovered a scammer targeting Wegmans two years ago, agents hacked into the suspect’s computer in an effort to learn his identity. The hacking, approved by a judge, involved an email and attachment that, when opened, connected the suspect’s computer to an FBI server. A new lawsuit in Buffalo federal…