etvfutures.com
etvfutures.com December 17, 2017


New details of Uber hack and bug bounty cover-up come to light

07 December 2017, 05:58 | Cesar Cruz

20-year-old Florida man was behind Uber hack: report

Uber paid to keep data breach secret: report

UBER'S MASSIVE data breach that saw the personal information of 57 million users pilfered, was all down to a pesky 20-year-old Floridian man. The company only came clean about the hack 13 months after it took place, as Uber's former chief of security paid the hacker $100,000 under the guise of a bug bounty to keep it under wraps.

Uber hasn't identified the hacker it paid $100,000 to last year, but Reuters reports its a 20-year-old man in Florida.

Reuters' sources said that ex-CEO Travis Kalanick was aware of both the breach and payment when he led the company.

The high payment through a bug bounty programme should have raised a few alarm bells.

Uber could be in more hot water after it was reported that the taxi service had allegedly used its bug bounty program to pay a hacker to destroy the data he had stolen.

Put Buyers Flock To LULU Stock Ahead Of Earnings
CIBC Asset Management Inc purchased a new position in lululemon athletica in the 2nd quarter valued at approximately $291,000. The Zevenbergen Capital Investments Llc holds 636,825 shares with $38.00 million value, up from 548,995 last quarter.


The culprit's message was forwarded to Uber's "bug bounty" team and ultimately made its way to HackerOne, a third-party company that awards researchers for revealing security flaws in clients' products. Reuters said Uber made the man sign a nondisclosure agreement, and verified that the data had been erased. They also analysed his machine to confirm that the data had been purged. "Our recommendation is to never store access tokens, passwords, or other authentication or encryption keys in the code", that company said in a statement.

Uber has come under fire since disclosing the data breach last month more than a year after the fact, and the incident is now being reviewed by state and federal regulators in the USA and overseas. But complicated scenarios can emerge when dealing with hackers who obtain information illegally or seek a ransom.

"The creation of a bug bounty program doesn't allow Uber, their bounty service provider, or any other company the ability to decide that breach notification laws don't apply to them", Moussouris said. It is unclear whether Clark informed Uber's legal department, which typically handled disclosure issues.

Another three members of Uber's security subsequently resigned from their roles last week. The bounty program is meant to reward security researchers who bring bugs to the company's attention so that a fix can be put into place.



Other News

Trending Now

Carnival (CCL) Shares Down 0%
In the most updated research from a number of analysts on Wall Street, the company gets 15 Buys and 1 Sell among 25 analysts. Its North America segment includes Carnival Cruise Line, Princess Cruises (Princess), Holland America Line and Seabourn.

SC to hear plea for interim relief on mandatory linking of Aadhaar
Our objective is, all duplicate PANs should be eliminated which are not linked to Aadhaar card. The Attorney General said that in respect of 131 services, a notification would be issued.

Game of Thrones season 8 might arrive later than expected
For reference, Season 7 began on July 16 and concluded August 27 of this year, meaning it's possible we could go two years between Thrones seasons, despite Season 8 being only six episodes long.

Jennifer Lawrence Reveals What She Would Do If She Ever Met Trump
Jennifer Lawrence loves horses, but at a very young age, she was thrown off from a horse that deformed her tailbone permanently. Lawrence conceded that they were right; "we do have a responsibility to say something".

Tributes paid to death crash Pc
The police family has lost one of its best'. "You are un-replaceable and my heart goes out to Your family both blood and blue". Pc Dixon, from Thatcham, recently married his wife Samantha who is due to give birth next year.

50 new Pokemon added to Pokemon Go in a major update
For example, if you are having a hard time catching a Mudkip , you may want to check on a rainy day due to its water type nature. This weather change will also influence the characteristics of Pokemon whose behavior changes with the weather.

Furious rally powers Ohio State to 71-62 win over MI
MI led by as many as 20 in the half, but the 7-0 run - capped by a monster dunk by JaeSean Tate - pulled it closer. Moritz Wagner led the way for MI with 14 points, and Zavier Simpson and Muhammad-Ali Abdur-Rahkman each added 11.

Huawei Nova 2s Is Now Official With 6GB Of RAM, Thin Bezels
The connectivity features include 4G LTE, WiFi 802.11ac, Bluetooth 4.2, GPS / Glonass, NFC and USB Type-C. As teased before, Huawei announced the launch of the Nova 2s smartphone at an event in China today.

The Rock To Get A Star On Hollywood Walk Of Fame
Ana Martinez , producer of the Walk of Fame ceremonies, says in a statement posted on the Hollywood Chamber of Commerce website. Johnson responded by tweeting a heartfelt and grateful message, and then he (jokingly?) added that he'd be providing tequila.

I will win again in Kano - President Buhari
The "commissioning" of the release of the prisoners took place at the Kurmawa Central Prison in Kano. He also commended Governor Ganduje for the completion and upgrade of the hospital.