Google Launches Project Zero To Find Security Bugs In Third-Party Software

Google today announced that it is launching Project Zero, an internal team of security specialists tasked with finding vulnerabilities in third-party software — not to exploit them, but to alert the developers and avoid the next Heartbleed. The Heartbleed bug put the whole software industry on heightened alert, and Google, Facebook, Microsoft and many others already formed a…

NSA-Mocking Easter Egg Found In Google’s New Email Encryption Plug-In

Google recently made waves by introducing the framework for a tool that will bolster email encryption through a coming plug-in for its Chrome browser. TechCrunch noted the complexity of the problem that Google is taking on, and that it seemed like a worthy task.

Google Plans To Launch An Easy-To-Use Chrome Plug-In For Email Encryption Soon

Google today announced that it will soon release a Chrome plug-in that will enable end-to-end encryption for web-based email services. The plug-in is based on the OpenPGP email encryption standard. Google’s plan here is to make encryption easy enough to use to become widespread among mainstream users. Right now, unless you are fairly technical and can get extensions like Mailvelope to…

Google Chrome Goes 64-Bit, Promises Better Stability, Security And Performance

Most modern operating systems now natively support 64-bit processors, but even though many developers now offer 64-bit versions of their applications, browsers have generally lagged behind this move (though there are a number of unofficial 64-bit versions of Firefox, for example). Google, however, is releasing its first 64-bit version of Chrome today into the highly experimental Developer…

Chrome For Windows Will Now Only Install Extensions From Google’s Web Store

This has been a long time coming, but starting today, Chrome users on Windows will only be able to install extensions from Google’s own Chrome Web Store. Google argues that this is meant to keep malicious extensions — which are often installed from third-party sites — in check.

Google Looking At Dropcam And The Home Security Market, Says The Information

Google has reportedly been interested in Dropcam as an acquisition target, according to a new report by The Information today. The supposed purchase would help Google with its aim of getting into the home security market, and would be tied to Google’s Nest division, which seems to be turning into Google’s smart home and consumer Internet of Things play. The Information’s report…

Another Security Flaw Gets the Heartbleed Treatment, But Don’t Believe the Hype


Breathless reports of a new security flaw affecting OpenID and OAuth — the technology that powers the identity logins for services such as Facebook, Microsoft, Google and LinkedIn — hit the news Friday. Dubbed "Covert Redirect," the flaw could enable malicious sites or links to grab a user's login information.

The announcement of Covert Redirect is straight out of Heartbleed's marketing manual, coming with both slick website and fancy logo. Coupled with the widespread usage of OAuth and the growing awareness of potential security threats, Covert Redirect certainly sounds bad


Hackers Compromise 2 Million Facebook, Twitter and Gmail Accounts


More than 2 million accounts have been compromised from popular sites such as Google, Yahoo, Twitter, Facebook and LinkedIn after malware captured login credentials from users worldwide, according to a new report.

According to web security firm Trustwave, hackers have stolen login usernames and passwords across various sites in the past month with the help of Pony malware, a bit different than a typical breach.

"Although these are accounts for online services such as Facebook, LinkedIn, Twitter and Google, this is not the result of any weakness in those companies' networks," said Abby Ross, a spokesperson for Trustwave. "Individual users had the malware installed on their machines and had their passwords stolen. Pony steals passwords that are stored on the infected users' computers as well as by capturing them when they are used to log into web services."


Bugcrowd Raises $1.6 Million To Expand Bug Bounty Marketplace


Crowdsourced bug bounty marketplace Bugcrowd has raised $1.6 million from investors to grow its community of 3,000 vetted security penetration testers who can find vulnerabilities and weaknesses in a new feature or application. The Australian startup is hoping to democratise the models commercialised by Facebook and Google, who have paid out millions of dollars to ethical hackers who find and report bugs in their software — before those vulnerabilities are exposed publicly.

Investors ICON Venture Partners, Paladin Capital Group, and Square Peg Capital, as well as angels, committed the seed round investment to expand its sales and marketing operations and expand the firm’s development team to build out the marketplace.

Bugcrowd and similar marketplaces, such as Danish firm CrowdCurity, are democratising the crowdsourced penetration testing model which has previously been only available to the biggest software companies that can afford to pay out millions of dollars.

The crowdsourced model allows companies to expose their applications and software to a diverse range of testers, discovering small bugs and vulnerabilities for a fraction of the price compared with contracting a security consulting firm to do the work.

Bugcrowd tailors bug bounty competitions for individual projects, while CrowdCurity says that it only charges for bugs that are found in the application.

The startup, founded by security researchers Casey Ellis and Sergei Belakomen, graduated from the Sydney-based Startmate accelerator program in 2011 and has been used by customers such as Australian retail giant Coles Myer, Rabobank and e-commerce platform provider Big Commerce.

Google recently increased the minimum rate it will pay for bugs, from $1,000 to $5,000. It revealed it has paid out almost $2 million to security researchers in the past three years, for discovering 2,000 security holes in its Chromium and web apps. Facebook also announced it had paid out $1 million to 329 security researchers. Earlier this year, Microsoft also (reluctantly) launched its own bug bounty program.


Bugcrowd Raises $1.6 Million To Expand Bug Bounty Marketplace


Crowdsourced bug bounty marketplace Bugcrowd has raised $1.6 million from investors to grow its community of 3,000 vetted security penetration testers who can find vulnerabilities and weaknesses in a new feature or application. The Australian startup is hoping to democratise the models commercialised by Facebook and Google, who have paid out millions of dollars to ethical hackers who find and report bugs in their software — before those vulnerabilities are exposed publicly.

Investors ICON Venture Partners, Paladin Capital Group, and Square Peg Capital, as well as angels, committed the seed round investment to expand its sales and marketing operations and expand the firm’s development team to build out the marketplace.

Bugcrowd and similar marketplaces, such as Danish firm CrowdCurity and Synack, which recently raised $1.5 million from Greylock and Kleiner Perkins, are democratising the crowdsourced penetration testing model which has previously been only available to the biggest software companies that can afford to pay out millions of dollars.

The crowdsourced model allows companies to expose their applications and software to a diverse range of testers, discovering small bugs and vulnerabilities for a fraction of the price compared with contracting a security consulting firm to do the work.

Bugcrowd tailors bug bounty competitions for individual projects, while CrowdCurity says that it only charges for bugs that are found in the application.

The startup, founded by security researchers Casey Ellis, Sergei Belakomen and Chris Raethke, graduated from the Sydney-based Startmate accelerator program in 2011 and has been used by customers such as Australian retail giant Coles Myer, Rabobank and e-commerce platform provider Big Commerce.

Google recently increased the minimum rate it will pay for bugs, from $1,000 to $5,000. It revealed it has paid out almost $2 million to security researchers in the past three years, for discovering 2,000 security holes in its Chromium and web apps. Facebook also announced it had paid out $1 million to 329 security researchers. Earlier this year, Microsoft also (reluctantly) launched its own bug bounty program.

