- Twitter awards $10,080 to Indian-origin hacker for discovering security flaw
Microblogging website Twitter awarded Avinash Singh, an Indian-origin White Hat hacker, $10,080 for discovering a security loophole in its Vine video-sharing service. The flaw enabled Singh to access the entire cache of Vine’s online code. Singh reported the security loophole to Twitter in March and was awarded $10,080 through a bug bounty startup called HackerOne. According to a report by the Hacker News website, the hacker discovered a Docker image for Vine while looking for vulnerabilities using censys.io. For those unaware, Docker is an open platform for developers and system administrators. A Docker image includes everything required to build and run an application, from code to libraries.
- Warning: Over 100 Tor nodes found designed to spy on deep web users
Researchers have discovered over 100 malicious nodes on the Tor anonymity network that are “misbehaving” and potentially spying on Dark Web sites that use Tor to mask the identities of their operators. Two researchers, Amirali Sanatinia and Guevara Noubir, from Northwestern University, carried out an experiment on the Tor Network for 72 days and discovered at least 110 malicious Tor Hidden Services Directories (HSDirs) on the network. Furthermore, 25 percent of all 110 malicious HSDirs functioned as both HSDir and Exit nodes for Tor traffic, allowing the malicious relays to view all unencrypted traffic, conduct man-in-the-middle (MitM) attacks, and snoop on Tor traffic. While most malicious nodes queried for data like server root paths, description.json server files, and the Apache server status updates, others carried out malicious attacks such as XSS, SQL injection attacks, and path traversal attacks.
Cyber Security Tips: MIT researchers recently created Riffle, a new anonymity network that promises better security in situations where hackers introduce rogue servers on the network, a technique to which Tor is vulnerable.
- TechCrunch falls victim to OurMine hacking group
Verizon-owned prominent technology site TechCrunch has become the latest victim of the OurMine hacking group. OurMine Security appeared to gain publishing access to the site, which uses the popular content management system WordPress, and posted its now infamous message. A post on the site under the byline of Seattle-based writer Devin Coldewey said: “Hello Guys, don’t worry we are just testing TechCrunch security, we didn’t change any passwords, please contact us.” The post was then promoted as a ticker, the top banner in red and a main story on TechCrunch’s front page. The attacks underscore the inherent flaw in linked systems: your account, or in this case your site, is only as resilient as its weakest link. Security experts recommend the use of two-step verification systems to help prevent accounts being compromised. It is unknown whether TechCrunch writer accounts required two-step verification for access to the site’s WordPress backend.
Cyber Security Tips: Improve your website's backend security, check for directory traversal vulnerabilities, secure your content management account with a strong password, and use two-step verification if possible.
- Robust hashing could be new tech tool to fight terror online
Cutting-edge technology could emerge as the biggest tool to combat the menace. Hany Farid, senior advisor to the US-based Counter Extremism Project, has helped develop a technology called robust hashing, which uses software to identify images, videos, and audio clips by comparing them against a bank of stored content. With robust hashing, content can be taken down as soon as it is identified. “It can be fully automated. The only manual step would be if a service provider wants to check if posted material is by media outlet,” Farid told TOI over email, adding, “We can create a white-list of approved sites and ban all other users.”
This is how it works: Machines see an image as a series of 1s and 0s. An image and its components are identified by a unique code, known as a hash. The hash remains the same even if you resize or crop the image. While filtering images, the software compares these hashes against those of a repository of images it already has. A hash match leads to flagging of the content.
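
The compare-against-a-bank flow described above, as an added example that is not from the original article and is not Farid's algorithm: it uses a simple average hash as a stand-in and matches by bit distance, next to a SHA-256 digest for contrast. The function names, the 5-bit threshold and the constructed grayscale grids are assumptions, and only resizing and small pixel changes are covered (this simple hash does not survive cropping).

```python
import hashlib

def average_hash(pixels, size=8):
    """64-bit robust hash: shrink to size x size by block averaging, then one
    bit per cell (1 if brighter than the overall mean). Needs h, w >= size."""
    h, w = len(pixels), len(pixels[0])
    cells = []
    for r in range(size):
        for c in range(size):
            block = [pixels[y][x]
                     for y in range(r * h // size, (r + 1) * h // size)
                     for x in range(c * w // size, (c + 1) * w // size)]
            cells.append(sum(block) / len(block))
    mean = sum(cells) / len(cells)
    bits = 0
    for v in cells:
        bits = (bits << 1) | (v > mean)
    return bits

def exact_hash(pixels):
    """Cryptographic digest of the raw pixels: changes on any edit."""
    return hashlib.sha256(bytes(v for row in pixels for v in row)).hexdigest()

def hamming(a, b):
    """Number of differing bits between two hashes."""
    return bin(a ^ b).count("1")

def matches(pixels, bank, max_distance=5):
    """Names of bank entries whose hash is within max_distance bits."""
    h = average_hash(pixels)
    return [name for name, known in bank.items()
            if hamming(h, known) <= max_distance]

def sample(pattern, noise, n=32):
    """Constructed n x n grayscale test image (not real data)."""
    return [[(200 if pattern(y // 4, x // 4) else 50) + (x * 31 + y * 17) % 7 * noise
             for x in range(n)] for y in range(n)]

KNOWN = sample(lambda r, c: (r + c) % 3 == 0, noise=1)
RESIZED = [[KNOWN[y // 2][x // 2] for x in range(64)] for y in range(64)]  # 2x upscale
REENCODED = sample(lambda r, c: (r + c) % 3 == 0, noise=2)  # small pixel changes
UNRELATED = sample(lambda r, c: r < 4, noise=1)
BANK = {"known-item": average_hash(KNOWN)}  # the repository of stored hashes

if __name__ == "__main__":
    for label, img in [("resized", RESIZED), ("re-encoded", REENCODED),
                       ("unrelated", UNRELATED)]:
        print(label, "| sha256 equal:", exact_hash(img) == exact_hash(KNOWN),
              "| flagged as:", matches(img, BANK))
```

The threshold trades missed matches against false flags, so a deployment would tune it on known-good content before automating takedowns.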