
Submission + - Facebook Threatens Researcher Over Instagram Hack (securityweek.com)

wiredmikey writes: A researcher claims he was threatened by Facebook after he responsibly disclosed a series of vulnerabilities and configuration weaknesses that allowed him to gain access to sensitive information stored on Instagram servers, including source code and the details of users and employees.

Wesley Wineberg says he discovered a remote code execution (RCE) vulnerability that allowed him to read a configuration file containing credentials needed to access a database, which revealed roughly 60 accounts belonging to Facebook and Instagram employees. Wineberg also discovered that the server had been running on Amazon’s EC2 service and a list of more than 1,400 systems had been hardcoded into the /etc/hosts file.

While Facebook confirmed the existence of the RCE vulnerability and promised a $2500 reward, Facebook later argued that he violated user privacy when he accessed the data. Furthermore, Wineberg claims Facebook’s CSO, Alex Stamos, contacted him via the CEO of Synack, the vulnerability research firm he works for.

“Alex informed my employer (as far as I am aware) that I had found a vulnerability, and had used it to access sensitive data. He then explained that the vulnerability I found was trivial and of little value, and at the same time said that my reporting and handling of the vulnerability submission had caused huge concern at Facebook,” Wineberg said. “Alex then stated that he did not want to have to get Facebook's legal team involved, but that he wasn't sure if this was something he needed to go to law enforcement over.”

Stamos allegedly attempted to convince the researcher and his employer to keep the existence of the security holes private and delete all data obtained from Instagram systems.

“In my opinion, the best course of action was to simply be transparent with all of my findings and interactions. I am not looking to shame any individuals or companies, but I do believe that my treatment in this situation was completely inappropriate,” Wineberg said.

Games

Submission + - Blizzard Boss Says DRM Is A Waste Of Time (thinq.co.uk)

Stoobalou writes: Blizzard founder Frank Pearce reckons that fighting piracy with DRM is a losing battle.

His company — which is responsible for the biggest videogame of all time, the worryingly-addictive online fantasy role player World of Warcraft — is to release Starcraft 2 on July 27th and Pearce has told Videogamer that the title won't be hobbled with the kind of crazy copy protection schemes which have made Ubisoft very unpopular in gaming circles of late.

Starcraft 2 will require a single online activation using the company's Battle.net servers, after which players will be allowed to play the single-player game to their hearts' content, without being forced to have a persistent Internet connection.

Submission + - Sudden acceleration due to Toyota computer glitch? (go.com)

cyclocommuter writes: Some Toyota owners are up in arms as they suspect the accidents have been caused by some kind of glitch in the electronic computer system used in Toyotas that controls the throttle. Refusing to accept the explanation of Toyota and the federal government, hundreds of Toyota owners are in rebellion after a series of accidents caused by what they call "runaway cars."

Submission + - Missing dot drops Sweden off the Internet (networkworld.com)

netbuzz writes: What was essentially a typo last night resulted in the temporary disappearance from the Internet of almost a million Web sites in Sweden — every address with a .se top-level domain name — during routine DNS maintenance. "This little mistake is going to affect Internet traffic for two days," says a spokeswoman for the organization that administers .se.
