Where can I report a program to be reviewed for security vulnerabilities and privacy issues?

After looking for software to store information, I found a program that caught my attention instantly. I purchased a license but after a while, I realized that the program had a big vulnerability.

On the official page, it sp…

Hacker Pops Top On NFC Vending Machines

Vending machines used to be a pretty simple affair: you put some coins in, and food or drink that in all likelihood isn’t fit for human consumption comes out. But like everything else today, they are becoming increasingly complex Internet-connected devices. Forget fishing around for pocket change; the Coke machine at the mall more often than not has a credit card terminal and a 30-inch touch screen display to better facilitate dispensing cans of chilled sugar water. Of course, increased complexity almost always goes hand in hand with increased vulnerability.

So when [Matteo Pisani] recently came across a …

The Effects of GDPR’s 72-Hour Notification Rule

The EU’s GDPR regulation requires companies to report a breach within 72 hours. Alex Stamos, former Facebook CISO now at Stanford University, points out how this can be a problem: Interesting impact of the GDPR 72-hour deadline: companies announcing breaches before investigations are complete. 1) Announce & cop to max possible impacted users. 2) Everybody is confused on actual impact,…

How should we implement a responsible discovery program internally, only for our organization's employees?

We experienced a very interesting phenomenon in the last 6 months, and that is that some employees found and reported to our security teams a few very crucial security issues. We were thinking about encouraging this type of beha…