Cookie


#minorsextrafficking | NPR Cookie Consent and Choices | #parenting | #parenting | #kids

Source: National Cyber Security – Produced By Gregory Evans

NPR’s sites use cookies, similar tracking and storage technologies, and information about the device you use to access our sites (together, “cookies”) to enhance your viewing, listening and user experience, […]

The post #minorsextrafficking | NPR Cookie Consent and Choices | #parenting | #parenting | #kids appeared first on National Cyber Security.


#hacking | HackerOne awards $20,000 bug bounty after leaking session cookie to hacker

Source: National Cyber Security – Produced By Gregory Evans

Account takeover issue flagged through bug bounty platform’s own bug bounty program

Bug bounty platform HackerOne this week paid out a $20,000 bounty after a researcher was able to access other users’ vulnerability reports.

Haxta4ok00, a HackerOne community member who apparently has a track record of discovering vulnerabilities in the bug bounty platform, was engaged in a conversation with one of HackerOne’s security analysts.

In one message, the analyst copied a cURL command from a browser console and sent it to the hacker.

The analyst accidentally included a valid session cookie, which gave anyone holding it the ability to read the data the analyst had access to. This included report titles, a certain amount of metadata, and some report contents.


“Less than five per cent of HackerOne programs were impacted, and within two hours of receiving the vulnerability report, the risk was eliminated and additional preventative measures were deployed shortly after,” a HackerOne spokesperson tells The Daily Swig.

“All customers impacted were notified the same day.”

However, it took HackerOne two hours to read the report, thanks to lower staffing levels over the weekend.

The $20,000 cookie

Haxta4ok00 reported the vulnerability, which was treated as ‘critical’, on November 24. The bounty was awarded three days later.

“The team looked into the amount of sensitive information that could have been accessed by the account and took that under advisement when deciding on the bounty amount,” HackerOne explains in its incident report.

“This led to the decision to treat the submission as a critical vulnerability and award a $20,000 bounty.”

HackerOne says it’s carried out an audit, and that this is the first time that session cookies have been leaked.

It’s also released an update that limits HackerOne employees and HackerOne security analyst sessions to the IP address that they started the session with – a move that should prevent similar incidents in future.


“We’re also planning to roll out a number of smaller changes, such as warning the user when a comment seems to contain sensitive information and clarification in our policy about what to do when someone gains access to other people’s accounts,” explains HackerOne co-founder Jobert Abma.

Craig Young, senior security researcher at Tripwire, was one of those to be informed that their reports had been disclosed.

“While I commend HackerOne for their response, this incident is yet another reminder of a distinct risk organizations take by using managed vulnerability reporting services like Bugcrowd or HackerOne,” he says.

“The consolidation of valuable data by such vendors creates a hugely attractive attack target for intelligence agencies – or even criminal actors – to fill their arsenal.”

Though perhaps better known for facilitating bug bounty payouts on behalf of other organizations, HackerOne is no stranger to the vulnerability disclosure process.

Since going live in November 2013, the organization has awarded more than $330,000 in bounties through its own bug bounty program.


Cookie Johnson Reveals What Led To A Secret 2-Week Separation From Magic Johnson

Cookie Johnson has been married to basketball icon Magic Johnson for 25 years, so she’s often addressing probing questions about her relationship, but there’s one major aspect of her marriage that she managed to keep completely private: their brief separation over a decade ago.

As the wife and mother of two reveals both in her new memoir and in an interview with Oprah for OWN’s “SuperSoul Sunday,” Cookie and Magic’s marriage nearly ended back in 2001, when the couple secretly separated for two weeks without any tabloids or media finding out.


The post Cookie Johnson Reveals What Led To A Secret 2-Week Separation From Magic Johnson appeared first on Parent Security Online.


Cookie? Spam? Hacker? 11 everyday tech terms and their surprising origins


Source: National Cyber Security – Produced By Gregory Evans

Many of the words we use in the modern-day tech lexicon have surprising origins. OK, so the mouse is obvious, because it looks like a mouse. But we bet a lot of you didn’t know that the Bluetooth you use to pair your phone with a wireless headset was named after a 10th century Danish monarch who enjoyed blueberries? Read on for a little tech etymology lesson.

Spam

What is it? Unwanted and persistent emails, messages and communications from content providers or advertisers.

Where did it come from? While this sounds like an obvious one – the Spam meat product is as undesirable to many as all those annoying messages and emails – that’s not actually the case. The first usage of Spam in a tech sense originates from a classic Monty Python sketch. During the skit, every item on a café menu features the tinned spiced ham, complete with Spam-obsessed Vikings singing its praises. Spam, wonderful Spam!

Troll

What is it? An internet or social media user who deliberately posts inflammatory content in order to elicit a response.

Where did it come from: Although it can often seem like an apt description, the origin of troll – in the modern […]
