Working with HackerOne


For example, the guidelines require researchers not to harm GM customers or others, not to compromise the privacy or security of customers, not to violate any criminal laws, not to disclose bugs publicly until GM has fixed them, not to be residents of Cuba, Iran, North Korea, Sudan, Syria or Crimea, and not to appear on a US Treasury sanctions list.

There is no mention in the guidelines of GM compensating researchers for the hours typically spent finding software vulnerabilities.


Showing Leadership

Bit9 + Carbon Black chief security strategist Ben Johnson praised GM's initiative.

However, how popular the program will be remains uncertain.

No Bounty Offered

GM's initiative lacks a key component of bug bounty programs: the bounty.

"This is not a bug bounty program until a reward is offered," said Casey Ellis, CEO of Bugcrowd.

He said that GM's initiative is a vulnerability disclosure program: it creates a way for researchers to notify GM when a bug is found.

Paying by Other Means

Although GM will not pay bounties for bugs, it may end up paying for them in other ways, according to Johannes Hoch, CMO of Identity Finder.

"Companies pay this money all the time," Hoch said. "A legal bug bounty program is basically an attempt to legitimize otherwise illegal activity."

"Meanwhile, the incentives continue," he said, pointing to the near-free intelligence that can be collected through bug bounty programs.

DDoS Extortion

Europol announced last week that in December it had carried out a major crackdown against a criminal gang that combined two common online threats: distributed denial-of-service attacks and digital blackmail.

The agency said that during a global operation against a group called DD4BC, Europol arrested a main target, detained another suspect and seized a large amount of evidence in multiple searches.

"This particular group is well known in the security community," said Renee Papp, product marketing manager at A10 Networks.

Mitigation Is Cheaper Than Ransom

DD4BC conducts DDoS attacks against targets chosen for how much their major revenue streams depend on their online presence. After demonstrating what they can do, he said, the cybercriminals demand a ransom.

Tim Matthews, vice president of marketing at Imperva, said there is no point in paying the ransom.

"Second, paying will only identify you or your organization as a mark, and the offender can come back and ask for more."

A Breach Diary

January 11. KOIN TV reported that the US Fish and Wildlife Service in Portland, Oregon, required some of its employees to leave their homes because of a data breach at the Malheur National Wildlife Refuge, which had been taken over by unauthorized people acting in the name of "constitutional independence."

January 11. TaxAct warned an undisclosed number of users that their personal information may have been accessed by unauthorized parties. It believes its system was accessed by an attacker using usernames and passwords obtained from a source outside TaxAct.

January 11. InterXion warned its users that a breach of its CRM system put the information in 23,200 customer records at risk, The Register reported.

January 11. ISACA published a survey of 6,320 members in 121 countries in which 63 percent opposed giving governments backdoor access to encrypted information, and 59 percent believed privacy was being threatened by the push for stronger cybersecurity laws.

January 11. SC Magazine reported that Citrix had been breached by w0rm, a Russian hacker known for attacks on the BBC, CNET, Adobe and Bank of America.

January 12. eBay confirmed that it has fixed an XSS vulnerability that put the personal data of millions of users at risk.

January 12. Personal data of about 18,000 fans of Faithless was stolen from the dance act's website, The Independent reported.

January 12. A Turkish court sentenced Onur Kopak, 26, to 334 years in prison for operating fake websites used to steal credit card numbers and bank credentials.

January 12. Microsoft discontinued support, including security patches, for Internet Explorer 8, 9 and 10.

January 13. A Cloud Security Alliance survey of 209 security and high-tech professionals found that nearly a quarter of respondents (24.9 percent) would pay a ransom to stop a cyberattack, and more than 14 percent would pay more than a million dollars to do so.

January 13. A study by Cloudmark and Vanson Bourne found that the average cost of a targeted phishing attack to a US business was $1.8 million.

January 14. OpenSSH patched a critical vulnerability that could be used to expose private encryption keys. The bug was found in an undocumented feature called "roaming" that supports resuming SSH connections.

Two white-hat hackers, Charlie Miller and Chris Valasek, made headlines last year when they demonstrated how they could hijack an automobile's control systems over the Internet. The stunt attracted the auto industry's attention, and last week GM launched a program to encourage more digital tinkerers to alert the company if they find defects in GM cars.

Working with HackerOne, GM has published a set of guidelines for submitting bugs to the company. In particular, the guidelines state what a bug hunter must do to avoid prosecution.
