Eileen Yu reports: A culmination of bad system management and undertrained IT staff, amongst other gaps, had resulted in Singapore’s most severe cybersecurity breach last July, according to the committee formed to review the events leading up to the SingHealth incident. […] The 454-page report published today outlined 16 recommendations the committee said were made…
Category: Of Note
Thedarkoverlord releases more 9/11 files, KickAss Forum seized by law enforcement?
Updated: After this post was published, other information became available suggesting that law enforcement may not have taken down KickAss and that the seizure notice placed on that url may have either been placed by KickAss or by some third party or parties. See updates at the bottom of this post. This is obviously a…
20 year-old German man, “Orbit,” has reportedly confessed to leaking politicians’ information
Kate Connolly reports: A 20-year-old man has admitted to police he was behind one of the country’s biggest data breaches in which the private details of almost 1,000 public figures were leaked. The man, who lives with his parents in the central German state of Hesse and is still in the education system, told police…
thedarkoverlord experiments with its approach to amassing BTC
I’ve probably reported more on the blackhats known as thedarkoverlord (TDO) than other journalists, and I’ve probably spent more time chatting with them about their work than any other journalist. But despite my considerable investment of time, there are times when I simply do not understand why they are doing what they are doing. As…
Growing Pains: As HackerOne has grown, is it harming what it intended to help? Part 2.
This is Part 2. Part 1 can be found here. HackerOne’s Managed Triage From what I understand of HackerOne’s managed triage, “Finders” (researchers) submit their findings to HackerOne, whose triagers/analysts review the submissions before the program it is written for ever sees anything. There is a clear potential for conflict and corruption in the system…
Growing Pains: As HackerOne has grown, is it harming what it intended to help? Part 1.
This is Part 1. Part 2 can be found here. In November, Catalin Cimpanu reported that Russian researcher, Sergey Zelenyuk, had publicly disclosed a VirtualBox 0day instead of first disclosing the problem to Oracle or working through a bug bounty platform. Curious to see what Zelenyuk’s justification for his actions would be, I found that…