This is Part 2. Part 1 can be found here. HackerOne’s Managed Triage: From what I understand of HackerOne’s managed triage, “Finders” (researchers) submit their findings to HackerOne, whose triagers/analysts review the submissions before the program they are written for ever sees anything. There is a clear potential for conflict and corruption in the system…
Category: Of Note
Growing Pains: As HackerOne has grown, is it harming what it intended to help? Part 1.
This is Part 1. Part 2 can be found here. In November, Catalin Cimpanu reported that Russian researcher, Sergey Zelenyuk, had publicly disclosed a VirtualBox 0day instead of first disclosing the problem to Oracle or working through a bug bounty platform. Curious to see what Zelenyuk’s justification for his actions would be, I found that…
When can the feds hack into your computer? Case involving scam targeting Wegmans could decide.
Phil Fairbanks reports: When the FBI uncovered a scammer targeting Wegmans two years ago, agents hacked into the suspect’s computer in an effort to learn his identity. The hacking, approved by a judge, involved an email and attachment that, when opened, connected the suspect’s computer to an FBI server. A new lawsuit in Buffalo federal…
A former NSA contractor accused of stealing a treasure trove of data offers to plead guilty to data theft
Scott Shane has an update on the case of former NSA contractor Harold T. Martin, who is potentially facing more than 100 years in prison when you start adding up all the felony counts: A veteran cybersecurity specialist for the National Security Agency and other intelligence organizations, accused of taking thousands of secret documents home…
Italian Trade Union of State Police Officers Hacked & Defaced by The Anonymous Anarchist Agency
Hacktivism is still a thing, although we may not see as much of it here in the U.S. these days. The headlines about hundreds of German politicians having their details dumped may have garnered more attention here, but there have been other ongoing campaigns that have tended to be ignored by U.S. media. One such…
German politicians’ data published online in massive breach
Hans-Edzard Busemann and Tassilo Hummel report: Personal data and documents from hundreds of German politicians and public figures have been published online, in what appears to be one of the most far-reaching cyber attacks in a country that has become a target of choice for hackers. It was unclear if the breach, which triggered an emergency meeting of…