IT Security Guru

Daily news digest – 1st October 2013

by The Gurus
October 1, 2013
in Opinions & Analysis

Today marks the start of the inaugural European Cyber Security Month, a continent-wide scheme intended to raise awareness of security, privacy and information issues.

Organised by the European Union agency for network and information security (ENISA), the campaign for the UK will include poster competitions, an awareness week on behaviour, ethical hacking, viruses and malware, advice on using your home computer as well as social media and email awareness campaigns. This follows the various UK-based day and week-long campaigns, and the US cyber security awareness campaign, which also traditionally takes place in the same month in the United States, to make sure no-one misses the point.
I’ve asked in the past what impact awareness days have on the general public and with a prolonged campaign this time, is there going to be sufficient media attention and public awareness of a campaign to actually drive change in behaviour? As a first effort I hope this is successful, but the issue is divided between personal and businesses, and people cross that divide to affect both. I suppose if one person is actually affected then this is a success to an extent, but there will need to be more for this to be carried over into 2014.
Another story which I found to be very amusing this week was in regard to a bug bounty payment by Yahoo of only $12.50 (£7.70) to researchers at High-Tech Bridge. The company said that it was paying the bounty, in the form of a voucher that could be spent in the Yahoo store only, for three cross-site scripting (XSS) vulnerabilities affecting the ecom.yahoo.com and adserver.yahoo.com domains, which would allow an attacker to compromise any @yahoo.com email account.
According to the researchers, after some wrangling over originality of reporting, Yahoo eventually acknowledged the research and offered the paltry bounty. Ilia Kolochenko, CEO of High-Tech Bridge, said: “Yahoo should probably revise their relations with security researchers. Paying several dollars per vulnerability is a bad joke and won’t motivate people to report security vulnerabilities to them, especially when such vulnerabilities can be easily sold on the black market for a much higher price.”
Considering the likes of Google pay up to $5,000 (£3,000) for a bug, this is a severe slap in the face for original security research, especially after the crowd-sourced payment for the breaking of Apple’s Touch ID last week. Also, unfortunately for Yahoo, this is not going to encourage others to work with them if they are paying such comical amounts for original research. After all, if you are a penetration tester, are you going to spend your unpaid time working on something that gives a return of only a few pounds? Ask yourself if it is worth it. Then ask how Yahoo will patch those bugs if no-one is out and actively finding them.
Also, last week I attended a roundtable hosted by Silent Circle on the concept of anonymity and a lack of it online. Following the revelations about Prism from this summer, there was a suggestion that this has destroyed online anonymity, something that we in Europe are “obsessed with”. Speaking to the Guardian, former Microsoft chief privacy adviser Caspar Bowden said that he does not have faith in the security of the software company’s technology and he now only uses open source software where he can examine the underlying code and has not carried a mobile phone for two years.
Some may call this attitude paranoia, others will realise that you have more options than putting tin foil on your head and you can actively live off the grid. Although it depends on what they know about you already as sometimes, we are not all anonymous.