Thursday 5 September 2013

Hacker to get $12,500 from Facebook for finding photo glitch

An “ethical hacking enthusiast” from southern India is to receive a $12,500 bounty from Facebook after discovering a vulnerability which allowed him to delete any photo hosted on the social network.
Posting details of the discovery on his blog this week, Arul Kumar told how the bug was initially dismissed by the company, prompting him to make a step-by-step video showing the flaw in detail.
In the video he explained how he “exploited Mark Zuckerberg’s photo from his photo album”.
Kumar held off on actually deleting any images of the Facebook founder, but on receiving the video evidence the bug was accepted as fact by Facebook, with Kumar receiving a message from one of the company’s security team telling him, “I wish all bug reports had such a video”.

Rewarded
With the vulnerability fixed in recent days, the 21-year-old was able to reveal full details of his work and the $12,500 reward through his blog.
Vice president for security research with Trend Micro, Rik Ferguson, said some industrious ethical hackers may see finding such issues as a solid revenue stream, with other companies such as Microsoft, Google and PayPal offering similar rewards for finding glitches within their sites, services and products.
“And why not? It’s a lot of effort to find the defects and it’s only right then that people should be rewarded for those efforts as it’s helping whoever the defect affects to develop a better end product,” he said.
Ferguson told The Irish Times that “there was a big movement a few years ago of ‘no more free bugs’ as people were sick of not being rewarded for finding errors and vulnerabilities, and in response to that a lot of companies have begun these bounty programs.”
Security blogger and head of technology for the Asia Pacific region with Sophos, Paul Ducklin, noted that the reason Facebook paid Kumar “top dollar” by bounty standards (with many bounties starting at $500) was that “it’s not just deleting a photo, it’s something which could be used for malware”.
Ducklin noted that in the case of a company such as Microsoft some bounties can reach up to $100,000, depending on the complexity and importance of the flaw discovered. Ducklin added that the decision by Kumar to present his case by video was certainly of help to his case.

Vulnerability
“The bounty amounts vary by how hard it is yes, but also how well you present your case and by doing it through video it makes it much easier for them to fix it as they can see what exactly they have to do.”
Kumar’s methods of highlighting the bug were more successful than the recent efforts of Khalil Shreateh, an IT graduate from Palestine, who had discovered a vulnerability which allowed someone to post a message on a person’s Facebook timeline, even if they were not “friends” with that individual.
After becoming upset when an official Facebook response told him “this is not a bug”, Shreateh posted a message on Zuckerberg’s personal wall utilising the vulnerability in question.
However, as this violated the company’s terms for discovering bounties, Shreateh found he would not be receiving any reward and instead saw his account temporarily suspended.

McAfee opens Cyber Defense Center in Dubai to tackle hacking

DUBAI: Computer anti-virus giant McAfee has opened its first Cyber Defense Center (CDC) in Dubai at a time when the region's businesses have witnessed numerous damaging attacks.
The launch of the CDC will be an additional tool to help protect customers across the Europe, Middle East and Africa (EMEA) region from emerging threats.

The CDC team comprises expert consultants with more than 70 years' combined experience in incident response handling across the public and private sector.

"McAfee's elite presence in the region enables customers to have a connected approach to cyber security," said Ayman Al-Issa, Digital Oilfields Cyber Security advisor.

"The local, on-the-ground presence provided by the CDC will make it easier for all entities to take advantage of McAfee's expertise and also reduce response time in the event of a crisis of any kind. McAfee once again shows leadership and solution differentiation with the opening of this new Center," he added.

The governments in the region have been investing heavily in new solutions to prevent and minimise the impact of attacks and McAfee's CDC will be working closely with key stakeholders to look for ways to improve protection.

"The rising frequency of outages due to hacktivist, criminal and terrorist activities has brought the security issue front of mind," said Gert-Jan Schenk, President of McAfee in EMEA.

Over the last year, a tremendous increase has been detected in malware and attacks targeted at EMEA organisations. As an example, Ukraine and Belarus both experienced an increase in spam of more than 200 per cent in Q2 2013.

Pranav Mistry: Samsung Galaxy Gear smartwatch is packed with technologies from the next decade

Pranav Mistry, head of the think tank team, Samsung Research America points to the so-called 'Memographer' camera on a Samsung Galaxy Gear smartwatch during its launch at the 'Samsung UNPACKED 2013 Episode 2' at the IFA consumer electronics fair in Berlin, September 4, 2013. The IFA consumer electronics and home appliances fair will open its doors to the public from September 6 till 11 in the German capital. REUTERS

BERLIN: Samsung Electronics unveiled its highly anticipated digital wristwatch that can snap photos, track workouts and use an array of apps - gadgetry that the company hopes will catapult it into a market of smart portable devices that leave cellphones in users' pockets.

Named the Samsung Galaxy Gear, the so-called smartwatch will join Google Glass as the latest example of wearable technology. The watch is synced to a cellphone, allowing users to answer calls and receive text messages from their wrists. The timing of the release could also give Samsung a leg up over Apple, which has yet to unveil a similar device but has long been rumored to be working on one.

At a much-hyped unveiling ceremony ahead of Berlin's Internationale Funkausstellung, one of the world's largest trade shows for consumer electronics, Samsung's head of mobile communications, JK Shin, introduced the device by pretending to receive a text message on stage.

"Don't forget to mention Android," Shin's message read.

He then raised his left arm, exposing the watch to applause from both the Berlin crowd and people in Times Square in New York, who were patched into the event via a video stream. Like other smartphones and tablets Samsung produces, Gear runs on Google's Android operating system.

From the Gear's small screen, which measures 1.63 inches diagonally, users can also receive emails, share pictures and use apps designed for Gear. It does not, however, function as a stand-alone device and must be paired with a Samsung phone or tablet.

Pranav Mistry, the head of research at Samsung Research America, said the watch was "packed with technologies from the next decade."

The watch has a rubbery wristband in which a small 1.9-megapixel camera is embedded. Its display surface has stainless steel bezels with four visible screws in each corner.

The watch is activated by pressing a button on the outer right side of the display or aiming the wristband lens at an object. A gentle swipe downward quickly turns on the camera, a feature Samsung calls the "Memographer."

"This is a feature that changes the way we interact, the way we express and the way we capture," Mistry said.

From the home screen, swiping upward brings up a number pad where a user can make a call. Because a gyroscope and accelerometer detect the Gear's movement, a user can answer calls by lifting his wrist to his ear.

"We have uniquely positioned the speakers and microphones so you can talk as you would on a regular phone," Mistry said.

The Gear is set to be released worldwide next month, although neither Shin nor Mistry gave a date. Also under wraps was the cost, something many believe could be a determining factor in whether the next-generation technology hits home with consumers who have historically been reluctant to adopt such "wearables of tomorrow," as Mistry called the Gear.

Samsung, which overtook Apple last year as the world's largest producer of smartphones, got into the watch business in 1999 with a model that consumers shunned.

Galaxy Gear has 512 megabytes of RAM and an internal memory of four gigabytes. It has an 800-megahertz, single-core central processing unit and weighs 2.6 ounces. Available colors include lime green, oatmeal beige, wild orange, mocha gray, jet black and rose gold.