Browsing Category: Social Engineering

Simple Bug Exposed Verizon Wireless Users’ SMS History

A security researcher discovered a simple vulnerability in Verizon Wireless’s Web-based customer portal that enabled anyone who knows a subscriber’s phone number to download that user’s SMS message history, including the numbers of the people he communicated with.

Read more...

Inside the Response to the New York Times Attack

Late Tuesday morning, one of the engineers in CloudFlare’s San Francisco office saw a message on Twitter saying that the New York Times Web site was down. Minutes later, more messages appeared, as security researchers and others began looking into the situation and realized that someone may have compromised the site’s DNS records. Understanding the ramifications of that sort of attack, if that’s in fact what it was, Matthew Prince, CloudFlare’s CEO sent an email to Rajiv Pant, the CTO of the Times, saying that the company’s engineers would be available if Pant needed some help figuring out the situation. He did.

Read more...

With No Facebook Bounty Coming, Researcher Gets $12k Reward From Security Community

Like most major Web and software companies, Facebook receives a lot of bug reports. As one researcher learned recently, not all bugs are created equal, and Facebook doesn’t like people messing with its users–or its executives.

Read more...

Facebook Stands By Bug Disclosure Policy Following Zuckerberg Hack

A member of Facebook’s security team acknowledged over the weekend that the group could’ve taken further steps to verify a vulnerability initially brought to their attention by an independent security researcher last week but that the company largely adhered to its bug disclosure policy.

Read more...