Why Crowdsourced Security is Devastating to Threat Actors

Almost every day, my spouse and I have a conversation about spam. Not the canned meat, but the number of unwelcome emails and text messages we receive. He gets several nefarious text messages a day, while I maybe get one a week. Phishing emails come in waves — right now, I’m getting daily warnings that […]

The post Why Crowdsourced Security is Devastating to Threat Actors appeared first on Security Intelligence.


Security Analysis of Apple’s “Find My…” Protocol

Interesting research: “Who Can Find My Devices? Security and Privacy of Apple’s Crowd-Sourced Bluetooth Location Tracking System”:

Abstract: Overnight, Apple has turned its hundreds-of-million-device ecosystem into the world’s largest crowd-sourced location tracking network called offline finding (OF). OF leverages online finder devices to detect the presence of missing offline devices using Bluetooth and report an approximate location back to the owner via the Internet. While OF is not the first system of its kind, it is the first to commit to strong privacy goals. In particular, OF aims to ensure finder anonymity, untrackability of owner devices, and confidentiality of location reports. This paper presents the first comprehensive security and privacy analysis of OF. To this end, we recover the specifications of the closed-source OF protocols by means of reverse engineering. We experimentally show that unauthorized access to the location reports allows for accurate device tracking and retrieving a user’s top locations with an error in the order of 10 meters in urban areas. While we find that OF’s design achieves its privacy goals, we discover two distinct design and implementation flaws that can lead to a location correlation attack and unauthorized access to the location history of the past seven days, which could deanonymize users. Apple has partially addressed the issues following our responsible disclosure. Finally, we make our research artifacts publicly available…


RSA-250 Factored

RSA-250 has been factored. This computation was performed with the Number Field Sieve algorithm, using the open-source CADO-NFS software. The total computation time was roughly 2700 core-years, using Intel Xeon Gold 6130 CPUs as a reference (2.1GHz):

RSA-250 sieving: 2450 physical core-years
RSA-250 matrix: 250 physical core-years

The computation involved tens of thousands of machines worldwide, and was completed in…
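The practical consequence of a factoring record is worth making concrete: once the factors p and q of a modulus n are known, the private exponent d follows from the public exponent e in a few lines of arithmetic, and any ciphertext or signature under that key is compromised. The block below is an added example, not code from the RSA-250 announcement or from CADO-NFS; the primes and the message are constructed, toy-sized values (RSA-250 itself is 829 bits, far beyond anything this snippet could factor), and it stands in for the step that happens after a sieving run finishes.

```python
# Added example (not from the original post or CADO-NFS): what an attacker
# gains from a factored RSA modulus. The primes below are constructed toy
# values chosen to keep the numbers readable; the arithmetic is the same
# at 829 bits.
from math import gcd


def rsa_private_exponent(p: int, q: int, e: int) -> int:
    """Recover d = e^-1 mod lambda(n) from the factorization n = p*q."""
    # Carmichael function lambda(n) = lcm(p-1, q-1); phi(n) works too, d is
    # just larger. pow(e, -1, m) is the modular inverse (Python 3.8+).
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)
    if gcd(e, lam) != 1:
        raise ValueError("e is not invertible modulo lambda(n)")
    return pow(e, -1, lam)


def recover_private_key(n: int, e: int, p: int) -> tuple[int, int]:
    """Given one nontrivial factor p of n, return (q, d)."""
    if p in (1, n) or n % p != 0:
        raise ValueError("p is not a nontrivial factor of n")
    q = n // p
    return q, rsa_private_exponent(p, q, e)


# Constructed toy key material (hypothetical, ~20-bit primes).
P, Q, E = 1_000_003, 1_000_033, 65537
N = P * Q


def demo(message: int = 123_456_789) -> bool:
    """Encrypt with the public key (N, E), then decrypt with the recovered d.

    Returns True when the recovered private exponent round-trips the message,
    i.e. when knowing one factor of N was enough to break the key.
    """
    q, d = recover_private_key(N, E, P)
    assert q == Q
    ciphertext = pow(message, E, N)
    return pow(ciphertext, d, N) == message


if __name__ == "__main__":
    print("private key recovered from factors:", demo())
```

Everything expensive in the RSA-250 effort went into finding `P` and `Q`; the step shown here costs microseconds. That asymmetry is why modulus size, not the cleverness of the key-derivation step, is the security parameter that matters.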

Survey: Cybersecurity Crowdsourcing Achieves Acceptance

A survey of 200 cybersecurity decision-makers suggests the chronic shortage of cybersecurity professionals is driving organizations to embrace alternative crowdsourcing approaches to application penetration testing. The survey, which was conducted by Enterprise Str…

Bugcrowd raises $26 million in latest funding round

The expansion of the bug-bounty industry continues as Bugcrowd announced Thursday that it is bringing in $26 million in its latest round of venture capital funding. The San Francisco-based company has seen consistent growth since its inception in 2012. It says that in the last quarter alone, it grew its base of commercial and Fortune 500 customers, opened new offices in London and Sydney and added to its leadership team. Bugcrowd has now raised about $50 million in venture capital funding. The Series C funding was led by Triangle Peak Partners, a venture capital firm that focuses on software and security. Triangle Peak’s president and co-founder, Dain DeGroff, will also be joining Bugcrowd’s board of directors. “Bugcrowd has built a successful business model addressing a growing and critical need,” DeGroff said in a press release. “Their deep relationships with the researcher community and expertise managing crowdsourced programs make Bugcrowd a strategic asset […]

The post Bugcrowd raises $26 million in latest funding round appeared first on Cyberscoop.


New Techniques in Fake Reviews

Research paper: "Automated Crowdturfing Attacks and Defenses in Online Review Systems." Abstract: Malicious crowdsourcing forums are gaining traction as sources of spreading misinformation online, but are limited by the costs of hiring and managing human workers. In this paper, we identify a new class of attacks that leverage deep learning language models (Recurrent Neural Networks or RNNs) to automate the…

Rapidly growing bug bounty company Bugcrowd names new CEO

The operator of one of the leading bug bounty platforms, California-based Bugcrowd, announced Monday that it will be taking a new direction with a leadership change. Chief Executive Officer Casey Ellis is stepping down to become chairman and chief technology officer of the company, which he helped launch in 2012 and which now employs more than 100 people. Bugcrowd has experienced rapid growth over the last several years, having secured a number of contracts with the U.S. government and multiple Fortune 500 companies. Bug bounty companies pool the services of independent security researchers. Under the niche industry’s crowdsourcing model, those freelance hackers are paid for finding bugs in clients’ systems. In an interview with CyberScoop, Ellis said he made the decision to bring in an experienced and successful businessman in Ashish Gupta, a former chief marketing officer and executive vice president with cybersecurity firm Infoblox, to run day-to-day operations because he believed that […]

The post Rapidly growing bug bounty company Bugcrowd names new CEO appeared first on Cyberscoop.
