
Hacking

Uber Welcomes Hackers with Its First-Ever Bug Bounty Program


In a friendly nod to roping in, rather than employing, white-hat hackers to look through its code for vulnerabilities and possible weaknesses to exploit, Uber has announced a bug bounty program for security researchers.

With its first-ever bug bounty program, Uber has revealed that it will pay independent security researchers thousands of dollars for finding vulnerabilities in its websites and its apps across different platforms.

Uber is launching its official bug bounty program on popular platform HackerOne. Notably, Uber is also trying to keep white-hat hackers on its side with a “loyalty system” that rewards hackers with bonuses for repeated disclosures of bugs, exploits and other vulnerabilities on Uber’s platform. Essentially, they are rewarded with compounding interest on their rewards, if they stay loyal to the company.

Notably, hackers will have up to 90 days to identify bugs in Uber’s system. Before Uber starts paying them however, hackers will need to disclose at least four bugs in Uber’s platform. Hackers who find a fifth bug will gain a bonus that’s equal to 10 percent of the average of the previous four bugs. This feature, according to Uber, will serve as a “loyalty program” to ensure that hackers are encouraged to keep searching for bugs in Uber

Uber Tiers

‘Medium’ issues that are discovered will be rewarded with $3,000 for discovery while the reward could go up to $10,000 for critical issues.

‘Critical issues’ include any hackable exploits that involve information pertaining to drivers’ social security numbers, credit card details, bank account numbers, driving license images and more. A hack that results in full compromise of a rider’s or driver’s account is also considered a critical issue. So too is exposure of payment or driver invoice information, as in a breach. Any potential access to Uber’s source code is also considered a critical issue, as are vulnerabilities that lead to the compromise of Uber employee accounts by circumventing two-factor authentication.

The second tier, deemed Significant Issues, rewards hackers with $5,000. Exploits that are considered include cross-site scripting concerns that can damage Uber’s brand by smearing the homepage. Missing authorization checks that could lead to the exposure of email addresses, dates of birth, phone numbers and names will also be considered.

Finally, ‘Medium Issues’ constitute the third tier, at $3,000 where rate limiting concerns, account validation bypasses and other smaller exploits – relatively speaking – are rewarded.

In the past, Uber has suffered massive breaches including one that occurred in May 2014 which affected nearly 50,000 drivers. The company was only able to discover the breach four months later in September 2014 before finally making news of the breach public in March 2015.

Uber has, in the past, even agreed to pay $20,000 as a fine for the explicit ‘failure to provide timely notice to drivers’ about a breach that occurred in 2014.


Samburaj is the contributing editor at Hacked and keeps tabs on science, technology and cyber security.





Altcoins

Ledger Making Major Announcement On January 7 as the Case for Cold Storage Grows


2017 was a breakthrough year for cryptocurrencies.  Many traders were able to generate incredible, life-changing profits.  And while not everyone was able to maintain those profits, the excitement led many to seek out the safest ways to protect their assets.  Even now, after experiencing a massive drop in crypto valuations, asset protection is still a major issue.  This is especially true given all the wallet and exchange hacks that have occurred during the past 12 months.  A few of the most notable hacks that have occurred are:

  • Coincheck – January 2018 – $530 million loss
  • BitGrail – February 2018 – $195 million loss
  • Bithumb – June 2018 – $31 million loss

These are just a few examples of significant losses that crypto traders have suffered.  A report from blockchain security firm CipherTrace estimated that hackers stole $927 million from cryptocurrency-related platforms during the first nine months of 2018.  Although the lack of regulation is normally cited as a benefit by cryptocurrency proponents, it also creates major security concerns for those with valuable crypto portfolios.  So, what’s the best way for traders to protect themselves?  Cold storage.

What is Cold Storage?

The one place that traders should not keep their assets is directly on the exchanges.  Given all the exchange hacks, especially the ones cited in this article, a better option is needed.  Cold storage means keeping digital assets offline (i.e. away from internet access).  By storing assets offline, the assets are significantly less susceptible to being hacked and/or stolen.

While there are several cold storage options available, the two most popular are the Ledger Nano S and the Trezor.  Although the Trezor hardware wallet was designed by the highly respected SatoshiLabs, the Ledger Nano S has emerged as the most popular.

Ledger Nano S

The Ledger Nano S is the most widely used multi-currency hardware wallet in the cryptoverse.  It’s the only hardware wallet that features a secure chip with a custom operating system.  While many other hardware wallets do contain a “simple chip,” the Ledger Nano comes with a “smartcard chip.”  This smartcard chip is used for applications that require extreme measures of security such as passport biometric data and credit card details.

Since its inception in 2014, the company has grown by leaps and bounds.  The Ledger Nano now supports over 1,100 currencies thanks to its compatibility with other mainstream wallets such as MyEtherWallet and MyCrypto.

Major Announcement on January 7

Ledger is known for being on the cutting edge of blockchain and crypto security.  Therefore, many expect the announcement this coming Monday to be a big deal.

While it’s not yet clear what the announcement is regarding, many are speculating on the possibility of a new and improved Ledger device, perhaps one that comes with additional storage capacity and an enhanced screen.  A few Reddit posters even mentioned the possibility of fingerprint authentication, which would be quite interesting.

Another hint that an improved device is coming is the fact that Ledger is currently offering a 30% discount on Ledger Nano S wallets.

Conclusion

I’m not sure yet what the announcement will be but I’m certainly eager to find out given that I’m a huge fan of their products.  While the Ledger Nano S is my go-to cold storage wallet, it isn’t perfect.  There are things I would love to see improved and fingers are crossed that Monday will be when that happens.

Disclaimer: The author owns bitcoin, Ethereum and other cryptocurrencies. He holds investment positions in the coins, but does not engage in short-term or day-trading.






Cybersecurity

DarkOverlord Hacker Group Demands Bitcoin Ransom or 9/11 ‘Truth’ Will be Revealed


The hacker group known collectively as thedarkoverlord has revealed itself to be in possession of highly sensitive stolen documents pertaining to the truth surrounding the events of September 11th, 2001.

The group hacked the private databanks of global insurance firms such as Lloyd’s of London and Hiscox Syndicates Ltd, and has demanded an unspecified sum in Bitcoin in return for not making the files public.

TheDarkOverlord

The hacker group have a long and ‘successful’ history of high-profile attacks against various corporate entities. Not all have been benevolent, such as the attack on a medical center which acquired sensitive patient data and then demanded payment for its removal from public view.

In 2017 the group hacked Netflix servers and stole an entire new season of Orange Is The New Black, which was then posted online before its release date.

The current batch of documents arrived as a result of a previous blackmail effort against insurance group Hiscox Syndicates Ltd. After Hiscox paid the hacker group to keep sensitive documents quiet, the insurance firm reneged on their part of the deal and got the authorities involved.

This made thedarkoverlord re-double their efforts against the firm, and now threaten to sell everything they have to the highest bidders. This is all according to a pastebin post by the group which details, and brags about, recent events.

9/11 Truth

According to the post, the majority of the documents are files which were supposed to be routinely deleted by insurance firms after their inspection. These files were not deleted, however, and the group have already released photographs of internal documents from the period directly following 9/11.

“What we’ll be releasing is the truth. The truth about one of the most recognisable incidents in recent history and one which is shrouded in mystery with little transparency and not many answers.”

The treasure trove of documents, which number 18,000 and are currently posted publicly but heavily encrypted, also draw from the internal communications at Silverstein Properties – the owners of the World Trade Center real estate.

The group’s motives are not easily ascribed, as evidenced by this statement welcoming bids from anyone and everyone, including terrorist groups:

“If you’re a terrorist organisation such as ISIS/ISIL, Al-Qaeda, or a competing nation state of the USA such as China or Russia, you’re welcome to purchase our trove of documents.”

The Pursuit of Internet Money

The group claim that they have no political motivations whatsoever, and do what they do purely in the pursuit of…

“…Internet money. (Bitcoin)…”

Details on how to access the files are posted in the pastebin document. Individuals who think they might be associated with the documents are also offered the chance to pay in BTC to have their names redacted before release.

Disclaimer: The author owns bitcoin, Ethereum and other cryptocurrencies. He holds investment positions in the coins, but does not engage in short-term or day-trading.


Greg Thomson is a full-time crypto writer and digital nomad. He eats ICOs for breakfast and bleeds altcoins. Wherever he lays his public key is his home.





Altcoins

EOS Price Forecast: EOS/USD Heading for Another 300% Move?


  • EOS/USD price action via the 4-hour chart view has formed a bullish flag pattern.
  • The price is moving around levels seen back end of March to early April, before a bull run of over 300%.

The past six sessions for EOS/USD have been erratic to say the least. It has been subject to a high amount of volatility, swinging aggressively in both directions. There has been a lack of commitment from either the bear or bull camps of late. As the market continues to trade with such behavior, it appears to be trying to find its feet, ahead of a potential chunky firm trend.

EOS DApp Hacked Again

An EOS-based gambling DApp, EOSBet, has been hacked, with $338,000 being reported as stolen. This isn’t the first time; just back in September, hackers managed to get away with a reported 40,000 worth of EOS, which at the time had a value of $200,000. It has been said that the attackers were able to exploit the DApp’s smart contracts, having found security vulnerabilities.

Technical Review – 4-hour Chart View

EOS/USD 4-hour chart

EOS/USD price action has formed a bullish flag pattern, which began taking shape on 15th October, after the aggressive price behavior stabilized. The bulls at the time ran the price well up into $6 territory. Consequently, it then met the breached ascending trend line, failing to move back above this area. This followed the sharp breakthrough to the downside, which occurred on 11th October. As a result, a drop of over 15% was seen, forcing EOS/USD to retreat in a demand area, within the $5.0000 level proximity.

Looking to the upside, small near-term resistance is seen at around $5.6100, which is the upper trend line of the mentioned bull flag pattern. A breakout will likely open the doors to a retest of the broken ascending trend line, tracking around $6.1100. Support can be eyed at $5.4600, which marks the lower trend line of the flag. Furthermore, should this fail to hold, EOS/USD could likely fall back down to the serving demand area, within the lower $5.0000 territory.

April 2018 Bull Run

EOS/USD April bull run

In April of this year EOS/USD entered a chunky bull run, gaining over 300%. From the back end of March until 11th April, the price had been stuck within consolidation mode. This resulted in the price trading within a tight range, at levels where the price is currently seen today.

Something quite astonishing started to unfold. Between 11th April and 29th April, a bull run of around 290% was seen. Over this time frame EOS/USD went from $5.9500 up to a high of around $23.0811. The price is currently demonstrating behavior similar to what was seen during the mentioned period. It is interesting to note that the price did have historical levels to break through, as it had already run higher during December 2017 and come back down. Finally, this is not to say EOS/USD will observe the same bull run. However, it is an interesting observation to be aware of.

Disclaimer: The author owns bitcoin, Ethereum and other cryptocurrencies. He holds investment positions in the coins, but does not engage in short-term or day-trading.


Ken has over 8 years exposure to the financial markets. During a large part of his career, he worked as an analyst, covering a variety of asset classes; forex, fixed income, commodities, equities and cryptocurrencies. Ken has gone on to become a regular contributor across several large news and analysis outlets.



