Rolling in the bounty
We hear a lot about bug bounties and how some people are potentially making a lucrative living off it.
HackerOne has paid out over $24m in bounties in the last five years. That’s some serious cash, considering how far that translates into local currencies. So, they asked some of their top hackers how they spent their money.
- How hackers spend their bounties | HackerOne
SIM hijacking, the aftermath
In last week’s roundup there was a story about SIM swapping and how T-mobile USA was sending texts to customers stating they may be victims of fraud.
We often cover such stories, shake our heads and tut loudly before moving on. But Motherboard got in touch with nine victims of SIM hijacking and told their stories. It’s quite a wake-up call to the real-life impact scams and fraud can have on individuals.
Not entirely security related news, but hey if everyone is referring to it as ‘crypto’ I can include it here right?
Joseph Steinberg considers what the future holds for Bitcoin, which sits at the head of the table of cryptocurrencies today, while other currencies are nipping at its heels.
- Will Bitcoin become the MySpace of Cryptocurrencies? | Joseph Steinberg
Another cryptocurrency theft
- Italian Cryptocurrency Exchange BitGrail Lost $170 Million Worth of Nano to Hackers | InterestingEngineering
- There are lessons to be learned from government websites serving cryptocurrency miners | Virus Bulletin
- Could Bitcoin break the NHS? Latest crypto-jack attack ‘the first of many’, say experts | Express
Chinese police are wearing sunglasses that can recognize faces. No, that’s not a plot of a movie, but what’s actually happening. Railway police in Zhengzhou, a central Chinese city, are the first in the country to use facial-recognition eyewear to screen passengers during the Lunar New Year travel rush. The devices have allegedly already helped nab seven fugitives related to major criminal cases such as human trafficking and hit-and-runs, and 26 others who were traveling with fake identities.
While that may be well and good, there are some issues with facial recognition. Joy Ruolamwini, a researcher at the M.I.T. media lab, has shown how real-life biases can creep into A.I. The result is that for a white man, facial recognition is right 99 percent of the time, but the darker the skin the more errors arise – up to nearly 35% for darker skinned women.
- Chinese police are wearing sunglasses that can recognize faces | QZ
- Facial Recognition Is Accurate, if You’re a White Guy | NYTimes
- Hidden Hot Battle Lessons of Cold War: All Learning Models Have Flaws, Some Have Casualties | Peerlyst, a Davi Ottenheimer talk
The good folk over at NCC group have published the second part of their findings since they were asked by a client to rebuild NotPetya from scratch. Well, not the exact same, as they changed the destructive payload out for telemetry and safeguards so they could measure what the impact of NotPetya would have been. It’s a good read.
Sony hands over data to the FBI
It seems like a lifetime ago opinion was split as to whether Apple should decrypt an iPhone of a suspected terrorist. Well, things still aren’t crystal clear, but in the latest development, Sony has handed over information to the FBI on a PlayStation 4 user suspected to planning to travel from Kansas to the Middle East to fight on behalf of a terrorist organisation.
Finding insecure AWS S3 buckets got a whole lot easier
As if misconfigured AWS S3 buckets that expose supposed information to the public wasn’t a big enough problem, a new search engine makes the job even easier.
The developers of the service, named BuckHacker, claim to be doing the project to increase the awareness on bucket security.
- ‘BuckHacker’ Search Engine Lets You Easily Dig Through Exposed Amazon Servers | Motherboard
- Search tool accesses firms' documents in the cloud | BBC
Longer tech reads
A couple of longer and well-written technology-related articles that I enjoyed this week