Techno. & Science - Page 2 - Yegna tube | The best online Entertainment Site in Ethiopia
Yegna tube | The best online Entertainment Site in Ethiopia
Login / Register


Techno. & Science

  • Dutch Hacker Earns One Million United Airlines Miles For Finding Security Flaws


    Dutch Hacker Earns One Million United Airlines Miles For Finding Security Flaws

    Never did this 19-year old security researcher think that discovering vulnerabilities in an airline’s system would earn him one million frequent flyer miles. That’s right!

    Based in the Netherlands, Olivier Beg discovered 20 separate security flaws within United Airlines’ computer systems. As a reward, the airlines offered million United MileagePlus miles — a $25,000 value – for revealing 20 bugs to United’s program, as part of a challenge to help the company fix security flaws on its website.

    The bug bounty scheme was introduced by the airlines in May 2015 calling it an extension of its commitment to protecting customers’ privacy and the personal data they share with the airline. Through this scheme, they want to encourage bug hunters to discover and report vulnerabilities in the system responsibly to the airline rather than publish them online.

    This week, Beg flew to Las Vegas for hacker conferences using part of his winnings. According to Netherlands Broadcasting Foundation, the flights to Vegas cost Beg only 60,000 airline miles and €5 in airport taxes.

    United Airlines’ bug bounty program rewards security researchers up to one million flyer miles for reporting remote code execution bugs, 250,000 miles for medium-severity bugs, and 50,000 miles for low-severity issues.

    Beg reported about 20 bugs to United Airlines, wherein his highest single reward earned was 250,000 miles. However, he collected 1 million miles in total. He wouldn’t reveal what flaws he found.

    At the age of 13, Beg began hacking companies to expose security flaws and in the process discovered flaws in the code for Facebook and PayPal, which fetched him $5,000. Currently, Beg is working as the head researcher for cybersecurity firm, Zerocopter, and says he hacks for fun. However, he thinks he could easily make a living out of it. “I know a hacker who earned 250 thousand euros in two years,” he added.

    Bug bounty programs are not a new idea for the industry. Tech giants including Apple, Facebook and Google all offer awards to those who can point out flaws in their programs. Until date, United is the only U.S. airline to offer a bug bounty.

    source: - 

    Read more »
  • CompTIA Launches New Training Program To Combat Human Error Data Breaches


    CompTIA, the IT industry’s trade association, has launched a new training program designed to combat data breaches caused directly by human error.

    CyberSecure will aim to educate all employees at an organization, from receptionist right up to the CEO, in the basics of cybersecurity, the group said in a statement. According to CompTIA, human error is both the most common and the most preventable source of data breaches.

    The course can be taken online and at the user’s own pace. The course’s modules were developed by CompTIA’s IT Security Community, a group of security leaders from the IT industry.

    It covers six primary areas, the group said:

    1. Protecting yourself and your company from information leaks: understanding the difference users can make to a company’s security and the steps they can take to make it safer.
    2. Basic categories of information security threats: understanding where leaks can come from and the different types of threats.
    3. Cultivating a safe information mind-set: how IT and HR policies can help instill secure behavior
    4. Cultivating a safe environment: the security practices employees should adhere to in the office or working remotely.
    5. Implementing safety strategies online: how practicing awareness, vigilance and scepticism will keep data safe
    6. Protecting data and networks: how users can protect their businesses’ networks.

    The overall aim is to educate users so they become the first line of defense at an organization. This will reduce the number of incidents that IT staff have to deal with.

    “It’s clear that cybersecurity is no longer exclusively the domain of the IT security department,” said Graham Hunter, VP Certifications, Europe and Middle East, CompTIA. “The responsibility lies with all employees to be secure with their devices. This only increases as more employees work remotely and on the move.”

    CompTIA’s own research found that 52% of data breaches are caused by human error, while similar research from IBM found that 95% of breaches have an element of human error attached. Further research from the Ponemon Institute found that “careless employees” were the number one cause of data breaches.

    “Every business that uses IT needs to be aware of the consequences when employees don’t follow cybersecurity best practices,” said Hunter. “Time and time again, we hear of employees causing data breaches, whether that be through leaving a USB device with important data lying around, or clicking on unsolicited links in emails. Such actions are rarely malicious, but more often the result of a lack of training, lack of knowledge or simply general carelessness.”

    Photo © Dean Drobot

    Read more »