
Uber paid 20-year-old man to keep data breach secret.

SAN FRANCISCO/WASHINGTON – A 20-year-old Florida man was responsible for the large data breach at Uber Technologies Inc last year and was paid by Uber to destroy the data through a so-called “bug bounty” program normally used to identify small code vulnerabilities, three people familiar with the events have told Reuters. Uber announced on Nov....
Time: 22:21     Date: 06.12.2017

Uber made the payment last year through a program designed to reward security researchers who report flaws in a company’s software, these people said. Uber’s bug bounty service – as such a program is known in the industry – is hosted by a company called HackerOne, which offers its platform to a number of tech companies.

Reuters was unable to establish the identity of the hacker or another person who sources said helped him. Uber spokesman Matt Kallman declined to comment on the matter.

Newly appointed Uber Chief Executive Dara Khosrowshahi fired two of Uber’s top security officials when he announced the breach last month, saying the incident should have been disclosed to regulators at the time it was discovered, about a year before.

It remains unclear who made the final decision to authorize the payment to the hacker and to keep the breach secret, though the sources said then-CEO Travis Kalanick was aware of the breach and bug bounty payment in November of last year.

Kalanick, who stepped down as Uber CEO in June, declined to comment on the matter, according to his spokesman.

A payment of $100,000 through a bug bounty program would be extremely unusual, with one former HackerOne executive saying it would represent an “all-time record.” Security professionals said rewarding a hacker who had stolen data also would be well outside the normal rules of a bounty program, where payments are typically in the $5,000 to $10,000 range.

HackerOne hosts Uber’s bug bounty program but does not manage it, and plays no role in deciding whether payouts are appropriate or how large they should be.

HackerOne CEO Marten Mickos said he could not discuss an individual customer’s programs. “In all cases when a bug bounty award is processed through HackerOne, we receive identifying information of the recipient in the form of an IRS W-9 or W-8BEN form before payment of the award can be made,” he said, referring to U.S. Internal Revenue Service forms.

According to two of the sources, Uber made the payment to confirm the hacker’s identity and have him sign a nondisclosure agreement to deter further wrongdoing. Uber also conducted a forensic analysis of the hacker’s machine to make sure the data had been purged, the sources said.

One source described the hacker as “living with his mom in a small home trying to help pay the bills,” adding that members of Uber’s security team did not want to pursue prosecution of an individual who did not appear to pose a further threat.

The Florida hacker paid a second person for services that involved accessing GitHub, a site widely used by programmers to store their code, to obtain credentials for access to Uber data stored elsewhere, one of the sources said.

GitHub said the attack did not involve a failure of its security systems. “Our recommendation is to never store access tokens, passwords, or other authentication or encryption keys in the code,” that company said in a statement.

Uber received an email last year from an anonymous person demanding money in exchange for user data, and the message was forwarded to the company’s bug bounty team in what was described as Uber’s routine practice for such solicitations, according to three sources familiar with the matter.

Bug bounty programs are designed mainly to give security researchers an incentive to report weaknesses they uncover in a company’s software. But complicated scenarios can emerge when dealing with hackers who obtain information illegally or seek a ransom.

Some companies choose not to report more aggressive intrusions to authorities on the grounds that it can be easier and more effective to negotiate directly with hackers in order to limit any harm to customers.

Uber’s $100,000 payout and silence on the matter at the time was extraordinary under such a program, according to Luta Security founder Katie Moussouris, a former HackerOne executive.

“If it had been a legitimate bug bounty, it would have been ideal for everyone involved to shout it from the rooftops,” Moussouris said.

Uber’s failure to report the breach to regulators, even though it may have felt it had dealt with the problem, was an error, according to people inside and outside the company who spoke to Reuters.

“The creation of a bug bounty program doesn’t allow Uber, their bounty service provider, or any other company the ability to decide that breach notification laws don’t apply to them,” Moussouris said.

Uber fired its chief security officer, Joe Sullivan, and a deputy, attorney Craig Clark, over their roles in the incident.

“None of this should have happened, and I will not make excuses for it,” Khosrowshahi said in a blog post announcing the hack last month.

Clark worked directly for Sullivan but also reported to Uber’s legal and privacy team, according to three people familiar with the arrangement. It is unclear whether Clark informed Uber’s legal department, which typically handled disclosure issues.

Sullivan and Clark did not respond to requests for comment.

In an August interview with Reuters, Sullivan, a former prosecutor and Facebook Inc (FB.O) security chief, said he integrated security engineers and developers at Uber “with our lawyers and our public policy team who know what regulators care about.”

Last week, three more top managers in Uber’s security unit resigned. One of them, physical security chief Jeff Jones, later told others he would have left anyway, sources told Reuters. Another of the three, senior security engineer Prithvi Rai, later agreed to stay in a new role.

Reporting by Joseph Menn in San Francisco and Dustin Volz in Washington; Additional reporting by Heather Somerville and Stephen Nellis in San Francisco; Editing by Jonathan Weber and Bill Rigby
