flaws

David Menidrey

Private Firm Outdoes Apple, Offers $500K To Hackers Who Find Flaws In iPhone

A week after Apple finally announced its first bug bounty program, promising to hand over up to $200,000 to hackers who find and alert Apple about security flaws, a private exploit trading firm is offering security researchers a better deal for their vulnerability intel on the tech giant: up to $500,000.

Are You Sure You Want To Add That Facebook App?

Gregory writes in to point out that Facebook does a lousy job of monitoring the development of its third-party Platform applications—and in fact many of them are written so badly that they can be easily hacked. The examples he cites, which are listed in the winter issue of the hacker magazine 2600, are all fairly mild stunts like spoofing user IDs, changing the moods of another user, and re-routing gifts, “but this information could be used to mount large scale social engineering attacks if automated and coupled with other information.” To illustrate how easy it is to change another user’s settings, he pointed us to a YouTube example of how to change another user’s “mood” via the Mood app.

Did The Chicago Tribune Embarrass The CPSC Into Recalling A Million Cribs?

Photographs taken of Liam Johns’ crib by the Sacramento County Coroner’s Office clearly show where it came apart.

1 Million Cribs Recalled After 2 Deaths

About 1 million Simplicity cribs were recalled yesterday due to several deaths related to a defect which can cause children to become trapped and suffocate.

Vista Has Security Flaws Already, LOL

The New York Times is reporting that Microsoft Vista has security flaws. Yes, already. In addition to a flaw that lets users increase their own privileges and override all the new fancy Vista security, there’s a “troubling” flaw in IE7. “The browser flaw is particularly troubling because it potentially means that Web users could become infected with malicious software simply by visiting a booby-trapped site.”