Hunter Moore pleads guilty to 2 counts; co-conspirator soon heads to trial.
Municipal broadband networks could expand because of FCC's controversial vote.
Researchers will now be able to submit Chrome bug-chains throughout the year, reducing the likelihood of multiple researchers working on discovering the same bugs. Google has scrapped its once-a-year Pwnium competition for bug hunters, replacing it with ongoing working exploits against Chrome OS, Flash and related software. Instead of an annual one-day event at CanSecWest, security researchers will now have an opportunity to disclose Pwnium style bug chains throughout the year via Google's Chrome Vulnerability Reward Program (VRP). The change is designed to remove some of the barriers to entry under the existing Pwnium format, Tim Will, a member of the Chrome security team said in a blog post Tuesday. With the one-day format, security researchers had to wait until the event in March in order to be able to report a working exploit and become eligible for a cash award. "This is a bad scenario for all parties," Will said, "It's bad for us because the bug doesn't get fixed immediately and our users are left at risk." Letting researchers disclose security vulnerabilities and exploits all year round also reduces the likelihood of multiple researchers working on or discovering the same bug. The once-a-year format also required bug hunters to register for the conference, be there physically and demonstrate the exploit under relatively rigid time restraints and terms and conditions. The new Pwnium removes such barriers by permitting bug and exploit submissions throughout the year via the Chrome VRP, Will said. On top of all of these reasons, the participants in Pwnium program wanted an option to report bugs all year. "They did, so we're delivering." The rules for disclosing Pwnium bug chains are the same as those governing the Chrome reward program. Researchers who discover security bugs in stable, beta and development versions of Chrome or Chrome OS will be eligible for rewards ranging from $500 to $15,000. Google also has a standing offer of $50,000 for anyone that can break into a Chromebook or Chromebox while in guest mode. The numbers are only an indication of the typical amounts Google awards to bug finders. Many times, Google has handed out awards in excess of $30,000 under the Chrome rewards program, according to the company. The rewards offered to bug hunters under the Chrome VRP are relatively substantial but pale in comparison to the $110,000 to $150,000 that Google used to offer during the annual Pwnium contest at CanSecWest. But that's only because the Pwnium event required researchers to be physically present at the event. It also required them to be willing to accept the chance that some other researcher, including those at Google, would find the bug before the security researcher had a chance to claim credit for it, Google said in a FAQ on the Chrome Rewards Program page. The Pwnium program revamp is the second major change that Google has made to its security disclosures programs in recent weeks. Earlier this month the company announced a new Vulnerability Research Grants initiative under which Google is offering cash awards of up to $3,133.70 to qualified researchers interested in finding security bugs in specific Google products. Unlike typical bug bounty programs, the research grants initiative pays researchers who have been invited to participate even if they do not always find any flaws in Google products. In addition, Google also has its own vulnerability research program dubbed Project Zero that is focused on finding security vulnerabilities in software products from other vendors.
Cyber criminals had been using 3.2 million infected PCs to steal personal data
- PDF will be anchor implementation for latest version of SearchYourCloud Cloud Platform -SearchYourCloud (SYC) today announces that PDF Solutions has selected SYC's patented federated search to enable secure access, searching and sharing on the ShareP...
SSD usage up, but recovery incidents are also on the riseEPSOM - 26th February, 2015 - According to a recent SSD technology use survey, Kroll Ontrack, the leading provider of data recovery and ediscovery, revealed that while nearly 90 per cent of respo...
Research finds Network Function Virtualization among the game-changers DUBLIN & DALLAS — February 26, 2015 — AdaptiveMobile (www.adaptivemobile.com), the world leader in mobile security, today issued research that outlines the opportunity that communications service providers (CSPs) have in securing the enterprise by offering Security-as-a-Service (SaaS). The company has issued the findings in a new white paper, which found that trends such as remote working, the adoption of public and private cloud services, BYOD and shadow IT are making the traditional perimeter approach to security almost impossible to maintain. The research found that two developments in technology --network function virtualization and software defined networking - allow CPSs to offer shortened network configuration times as well as a combination of network services and hosted security offerings that better meet the changing nature of enterprise security. CSPs can deploy Internet-facing services -- such as enterprise firewalls, mail relays, anti-virus, VPN concentrators, and intrusion prevention systems -- as Virtual Network Functions, which give the level of security that larger enterprises need while also offering a level of protection not fully available to small to medium businesses today. Among the points covered in the whitepaper:Why enterprises of all sizes are living below the "security poverty line" due to factors as diverse as limitations from best of breed security vendors, ad hoc security deployments, and poor security practices associated with practices like Single Sign OnHow the mobile carrier network is best suited to provide security in a perimeter-less world, where always-on, easy access and data access across devices is the normWhat Identity Access Management means for enterprises and why CSPs are best equipped to manage it "We are looking at an enterprise security environment in which it is necessary to monitor data from the network perimeter, server farms and all endpoint devices," said Jim Donnelly, Director of Strategic Programmes, AdaptiveMobile. "Given the changes in technology, mobile operators are now positioned to protect the enterprise network to give carrier-grade protection against a host of security threats. This opportunity will give a powerful version of SaaS that will help in data protection as the enterprise network continues to evolve."To download a copy of the whitepaper, visit http://www.adaptivemobile.com/downloads/enterprise-security-as-a-service-delivered-by-csps.About AdaptiveMobile:AdaptiveMobile is the world leader in mobile security protecting over one billion subscribers worldwide and the only mobile security company offering products designed to protect all services on both fixed and mobile networks through in-network and cloud solutions. With deep expertise and a unique focus on network-to-handset security, AdaptiveMobile's award winning security solutions provide its customers with advanced threat detection and actionable intelligence, combined with the most comprehensive mobile security products available on the market today. AdaptiveMobile's sophisticated, revenue-generating security-as-a-service portfolio empowers consumers and enterprises alike to take greater control of their own security.AdaptiveMobile was founded in 2004 and boasts some of the world's largest mobile operators as customers and the leading security and telecom equipment vendors as partners. The company is headquartered in Dublin with offices in the North America, Europe, South Africa, Middle East and Asia Pacific.Press contacts:ACSCom PR (USA)Anne Coyle, +1 857 email@example.comAxiCom (UK)Daniel Beattie, +44 (0)20 8392 firstname.lastname@example.orgSource: RealWire
From Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World.