L33tdawg: Got code kungf00? Register here: http://conference.hitb.org/hitbsecconf2013kul/event/hackweekday/ First come, first serve and COMPLETELY FREE!
This October, developers from around the globe have an opportunity to showcase their coding skills to an international audience at the HackWEEKDAY hackathon here in Kuala Lumpur.
The CEOs of Yahoo and Facebook were each on the hot seat Wednesday answering questions about the U.S. government’s data surveillance programs.
Yahoo CEO Marissa Mayer, in an on-stage interview at the TechCrunch Disrupt conference in San Francisco, said she couldn’t say more about the programs than Yahoo already has because doing so could be “treason.”
Facebook, Google, Yahoo and Microsoft all filed petitions Monday with the Foreign Intelligence Surveillance Court, as part of a renewed effort to reveal more information about government data requests.
The companies had already petitioned the U.S. government to let them be more specific in reporting the volume of national security-related requests they receive, following the first leaks in June about government surveillance programs such as Prism.
The companies said Monday they are pushing harder now because those previous efforts did not pay off.
"We want to be really, really clear that whenever you give us information, we're going to take it."
These aren't the words of some suede-shoed government spy, trying to put an honest face on an inherently sneaky job.
After a review on the language changes to its Statement of Rights and Responsibilities and Data Use policy, Facebook could decide to go back to the drawing board.
Last week, the social network made a host of changes to the language it uses to describe its privacy policy, and these changes were up for user review for one week. Now that the review period has ended, it's unclear whether the social network will keep the language or massage it some more.
Security researcher Arul Kumar was paid $12,500 by Facebook, after discovering and reporting a bug that would allow any user to delete the photos of other Facebook users, simply by changing parameters in a URL.
The severity of the security flaw apparently induced Facebook to pay Kumar far more than the base bounty of $500 for bugs reported through the website’s white hat security program.
A piece of malicious software masquerading as a Facebook video is hijacking users’ Facebook accounts and Web browsers, according to independent Italian security researchers who have been investigating the situation.
The malware appears as a link in an e-mail or Facebook message telling people that they have been tagged in a Facebook post. When users go to Facebook and click the link, they are sent to a separate Web site and prompted to download a browser extension or plug-in to watch a video, said one of the researchers, Carlo De Micheli, in a telephone interview on Monday.
Palestinian security researcher Khalil Shreateh is set to receive more than $10,000 in donations after Facebook refused to pay him for significant security flaw he disclosed in a way that breached its terms of service.
The security researcher yesterday attempted initially to somewhat quietly inform Facebook of the flaw which allowed him to post updates to any users' profile Wall.
Now that Facebook has refused to pay a Palestinian security researcher the bug bounty he hoped to earn for reporting a problem with its service, a top security researcher has launched a campaign to pay him the money Facebook denied him.
The campaign, launched by security pro Marc Maiffret, has raised $6,030 for Khalil Shreateh thus far, more than ten times the amount that Facebook’s bug bounty program pays out for bugs of this sort.
A Facebook engineer blamed language difficulties and documentation issues for a delay in fixing a bug that let a security researcher post directly to founder Mark Zuckerberg's Timeline, which is restricted if two users aren't friends.
Khalil Shreateh, who lives in Palestine, demonstrated the vulnerability by writing a message on Zuckerberg's Timeline after an earlier bug report he submitted wasn't acted upon, according to his blog.
