Today: 24.05.2018
News
Opinion
Business
Living
Metro
Tech
Sport

Last News

23:47
23.05.2018
23:44
23.05.2018
22:39
23.05.2018
21:05
23.05.2018
20:46
23.05.2018
20:36
23.05.2018
20:14
23.05.2018
19:59
23.05.2018
19:37
23.05.2018
19:28
23.05.2018
19:16
23.05.2018
18:24
23.05.2018
17:55
23.05.2018
17:41
23.05.2018
17:27
23.05.2018
17:23
23.05.2018
17:18
23.05.2018
17:00
23.05.2018
16:49
23.05.2018
16:44
23.05.2018
15:30
23.05.2018
15:02
23.05.2018
14:51
23.05.2018
14:51
23.05.2018
14:45
23.05.2018
14:24
23.05.2018
13:59
23.05.2018
13:44
23.05.2018
13:27
23.05.2018
12:57
23.05.2018

Uber paid 20-year-old man to keep data breach secret.

SAN FRANCISCO/WASHINGTON – A 20-year-old Florida man was responsible for the large data breach at Uber Technologies Inc last year and was paid by Uber to destroy the data through a so-called “bug bounty” program normally used to identify small code vulnerabilities, three people familiar with the events have told Reuters. Uber announced on Nov....
Time: 22:21     Date: 06.12.2017
World Tech News: Uber paid 20-year-old man to keep data breach secret. NY Post 24 - US News

Uber made the payment last year through a program designed to reward security researchers who report flaws in a company’s software, these people said. Uber’s bug bounty service – as such a program is known in the industry – is hosted by a company called HackerOne, which offers its platform to a number of tech companies.

Reuters was unable to establish the identity of the hacker or another person who sources said helped him. Uber spokesman Matt Kallman declined to comment on the matter.

Newly appointed Uber Chief Executive Dara Khosrowshahi fired two of Uber’s top security officials when he announced the breach last month, saying the incident should have been disclosed to regulators at the time it was discovered, about a year before.

It remains unclear who made the final decision to authorize the payment to the hacker and to keep the breach secret, though the sources said then-CEO Travis Kalanick was aware of the breach and bug bounty payment in November of last year.

Kalanick, who stepped down as Uber CEO in June, declined to comment on the matter, according to his spokesman.

A payment of $100,000 through a bug bounty program would be extremely unusual, with one former HackerOne executive saying it would represent an “all-time record.” Security professionals said rewarding a hacker who had stolen data also would be well outside the normal rules of a bounty program, where payments are typically in the $5,000 to $10,000 range.

HackerOne hosts Uber’s bug bounty program but does not manage it, and plays no role in deciding whether payouts are appropriate or how large they should be.

HackerOne CEO Marten Mickos said he could not discuss an individual customer’s programs. “In all cases when a bug bounty award is processed through HackerOne, we receive identifying information of the recipient in the form of an IRS W-9 or W-8BEN form before payment of the award can be made,” he said, referring to U.S. Internal Revenue Service forms.

According to two of the sources, Uber made the payment to confirm the hacker’s identity and have him sign a nondisclosure agreement to deter further wrongdoing. Uber also conducted a forensic analysis of the hacker’s machine to make sure the data had been purged, the sources said.

One source described the hacker as “living with his mom in a small home trying to help pay the bills,” adding that members of Uber’s security team did not want to pursue prosecution of an individual who did not appear to pose a further threat.

The Florida hacker paid a second person for services that involved accessing GitHub, a site widely used by programmers to store their code, to obtain credentials for access to Uber data stored elsewhere, one of the sources said.

GitHub said the attack did not involve a failure of its security systems. “Our recommendation is to never store access tokens, passwords, or other authentication or encryption keys in the code,” that company said in a statement.

Uber received an email last year from an anonymous person demanding money in exchange for user data, and the message was forwarded to the company’s bug bounty team in what was described as Uber’s routine practice for such solicitations, according to three sources familiar with the matter.

Bug bounty programs are designed mainly to give security researchers an incentive to report weaknesses they uncover in a company’s software. But complicated scenarios can emerge when dealing with hackers who obtain information illegally or seek a ransom.

Some companies choose not to report more aggressive intrusions to authorities on the grounds that it can be easier and more effective to negotiate directly with hackers in order to limit any harm to customers.

Uber’s $100,000 payout and silence on the matter at the time was extraordinary under such a program, according to Luta Security founder Katie Moussouris, a former HackerOne executive.

“If it had been a legitimate bug bounty, it would have been ideal for everyone involved to shout it from the rooftops,” Moussouris said.

Uber’s failure to report the breach to regulators, even though it may have felt it had dealt with the problem, was an error, according to people inside and outside the company who spoke to Reuters.

“The creation of a bug bounty program doesn’t allow Uber, their bounty service provider, or any other company the ability to decide that breach notification laws don’t apply to them,” Moussouris said.

Uber fired its chief security officer, Joe Sullivan, and a deputy, attorney Craig Clark, over their roles in the incident.

“None of this should have happened, and I will not make excuses for it,” Khosrowshahi, said in a blog post announcing the hack last month.

Clark worked directly for Sullivan but also reported to Uber’s legal and privacy team, according to three people familiar with the arrangement. It is unclear whether Clark informed Uber’s legal department, which typically handled disclosure issues.

Sullivan and Clark did not respond to requests for comment.

In an August interview with Reuters, Sullivan, a former prosecutor and Facebook Inc (FB.O) security chief, said he integrated security engineers and developers at Uber “with our lawyers and our public policy team who know what regulators care about.”

Last week, three more top managers in Uber’s security unit resigned. One of them, physical security chief Jeff Jones, later told others he would have left anyway, sources told Reuters. Another of the three, senior security engineer Prithvi Rai, later agreed to stay in a new role.

Reporting by Joseph Menn in San Francisco and Dustin Volz in Washington; Additional reporting by Heather Somerville and Stephen Nellis in San Francisco; Editing by Jonathan Weber and Bill Rigby

Tech

World Tech News: YouTube ran ads for big firms on Nazi, pedophilia channels. NY Post 24 - US News
YouTube ran ads for big firms on Nazi, pedophilia channels.
YouTube has been accused of showing ads from multi-national companies on channels promoting extremism, Nazis and even pedophilia....
World Tech News: Army developing ‘nano-satellites’ for space warfare. NY Post 24 - US News
Army developing ‘nano-satellites’ for space warfare.
Small “nano-satellites” could soon play a big role in US Army plans to win ground wars, a top US Army official...
World Tech News: Hubble celebrates 28 years with shot of wild stellar nursery. NY Post 24 - US News
Hubble celebrates 28 years with shot of wild stellar nursery.
CAPE CANAVERAL, Fla. — NASA is marking the 28th anniversary of the Hubble Space Telescope’s launch with a peek into a...
World Tech News: Cryptocurrency exchange owner slams Schneiderman. NY Post 24 - US News
Cryptocurrency exchange owner slams Schneiderman.
Take a hike, Eric. The owner of a virtual currency exchange on Thursday hit back at New York Attorney General Eric Schneiderman’s...

Opinion

Last US News - Opinion: How Andrew Cuomo gave cop-killer Herman Bell a vote. NY Post 24 - US News
How Andrew Cuomo gave cop-killer Herman Bell a vote.
First, Gov. Cuomo’s Parole Board sprang three-time cop-killer and formerly unapologetic black revolutionary Herman Bell...
Last US News - Opinion: New York legislators make history by doing the right thing. NY Post 24 - US News
New York legislators make history by doing the right thing.
Kudos to Assembly Speaker Carl Heastie, state Senate Majority Leader John Flanagan and the rest of the Legislature for doing...
Last US News - Opinion: Why New York schools spend so much for such mediocre results. NY Post 24 - US News
Why New York schools spend so much for such mediocre results.
New York continues to spend more on schoolkids than any other state, new Census data show, and not because kids here get...
Last US News - Opinion: Why should hitting a cop be a federal crime?. NY Post 24 - US News
Why should hitting a cop be a federal crime?.
Last week, the House of Representatives — by a margin of more than 10 to 1 — approved a completely gratuitous, blatantly...
Last US News - Opinion: The hypocrisy of American election investigations into Israel. NY Post 24 - US News
The hypocrisy of American election investigations into Israel.
Special counsel Robert Mueller has sent his gumshoes to Israel. They’re reportedly looking into an Israeli firm that may...

Living

US Living News: Eat more seafood if you want to have more sex, study says. NY Post 24 - US News
Eat more seafood if you want to have more sex, study says.
Couples who eat at least two portions of seafood a week have more sex and fall pregnant faster, a study found. Researchers...
US Living News: Inside JFK’s door-to-door search for a French call girl — and why she had to look like Jackie. NY Post 24 - US News
Inside JFK’s door-to-door search for a French call girl — and why she had to look like Jackie.
In May 1961, an elderly woman in Paris heard a knock at the door of her six-story walk-up apartment. It was only the most...
US Living News: Creepy killer worms have taken over France. NY Post 24 - US News
Creepy killer worms have taken over France.
Scientists are great at observing invasive species when they’re above ground, but as the 1990 horror film Tremors taught...
US Living News: Instagram model dies after insisting her cancer was ‘only a phase’. NY Post 24 - US News
Instagram model dies after insisting her cancer was ‘only a phase’.
A popular Brazilian model who documented her fight against cancer on social media has died. Nara Almeida regularly updated...
US Living News: Airlines predict planes will be packed this summer. NY Post 24 - US News
Airlines predict planes will be packed this summer.
Planes will be packed as Americans head out on summer vacations this year. Airlines for America, a trade group that represents...
US Living News: Mom who gave birth while in a coma dies 3 years after waking. NY Post 24 - US News
Mom who gave birth while in a coma dies 3 years after waking.
A Tennessee mother who gave birth while she was in a coma died three years after she regained consciousness, her family said....
US Living News: When it’s actually OK to go to an ex’s wedding. NY Post 24 - US News
When it’s actually OK to go to an ex’s wedding.
All eyes were on the bride last Saturday when glamorous Meghan Markle tied the knot with Prince Harry in Windsor, England....
US Living News: Bizarre eye treatment makes traumatic memories go away. NY Post 24 - US News
Bizarre eye treatment makes traumatic memories go away.
Your eyes might hold the key to emotional healing. People are turning to a mysterious psychological practice called eye movement...

Business

Last US Business News: KKR in talks to buy BMC Software for $10B. NY Post 24 - US News
KKR in talks to buy BMC Software for $10B.
KKR is in exclusive talks to buy BMC Software in a deal that marks its return to mega-buyouts, a source close to the situation...
Last US Business News: Why gas prices are so high — and what Americans may have to risk to make them lower. NY Post 24 - US News
Why gas prices are so high — and what Americans may have to risk to make them lower.
Five-buck-a-gallon gasoline in the city — and $3 gas in the burbs. And going higher. That’s the news motorists are facing...
Last US Business News: Fed prepared for temporary inflation jump over gas prices. NY Post 24 - US News
Fed prepared for temporary inflation jump over gas prices.
The rising price of energy is giving the Federal Reserve gas pains. The minutes of the Fed’s May policy meeting were released...
Last US Business News: Chipotle is breaking up with its Denver headquarters. NY Post 24 - US News
Chipotle is breaking up with its Denver headquarters.
Chipotle is ditching its Denver headquarters to attract new employees. The burrito chain’s turnaround plan includes hiring...
Last US Business News: Icahn ramps up efforts to stop AmTrust vote to go private. NY Post 24 - US News
Icahn ramps up efforts to stop AmTrust vote to go private.
Queens native billionaire Carl Icahn and the Brooklyn billionaire Karfunkel family had a meeting across the river to hash...
Last US Business News: Deutsche Bank reportedly set to lay off 10,000 workers. NY Post 24 - US News
Deutsche Bank reportedly set to lay off 10,000 workers.
Heads are rolling at Deutsche Bank again. The beleaguered German bank is reportedly planning to lay off as many as 10,000...
Last US Business News: Bill Ackman takes $1 billion stake in Lowe’s. NY Post 24 - US News
Bill Ackman takes $1 billion stake in Lowe’s.
Bill Ackman has taken a $1 billion stake in home-improvement chain Lowe’s, a source familiar with the situation told The...
Last US Business News: CBS claims Redstone blocked possible buyout bid from a rival. NY Post 24 - US News
CBS claims Redstone blocked possible buyout bid from a rival.
CBS said media heiress Shari Redstone’s recent moves to keep an iron grip on the company’s board have been “disloyal”...

Metro

Metro News: Cuomo finally adds longtime girlfriend Sandra Lee to campaign website. NY Post 24 - US News
Cuomo finally adds longtime girlfriend Sandra Lee to campaign website.
Gov. Cuomo has updated his campaign website and it now includes photos featuring his longtime girlfriend, TV chef Sandra...
Metro News: New York Democrats kick Felder out of party — symbolically. NY Post 24 - US News
New York Democrats kick Felder out of party — symbolically.
The New York State Democratic Party passed a resolution Wednesday night to kick turncoat Brooklyn Sen. Simcha Felder out...
Metro News: Councilman resurrects plan to turn graveyard to park. NY Post 24 - US News
Councilman resurrects plan to turn graveyard to park.
This idea is back from the dead. A Manhattan lawmaker has revived a plan to transform the Dickensian pauper’s graveyard...
Metro News: MTA boss will implement system similar to NYPD’s CompStat. NY Post 24 - US News
MTA boss will implement system similar to NYPD’s CompStat.
The MTA’s proposed radical overhaul would include a dose of healthy competition among station managers — a plan that...
Metro News: Cynthia Nixon didn’t stand a chance at NY Democratic convention. NY Post 24 - US News
Cynthia Nixon didn’t stand a chance at NY Democratic convention.
Cynthia Nixon got a lesson in power politics at the state Democratic convention on Wednesday. Nixon spent the morning in...
Metro News: Junkies have turned $35M Bronx development into a shooting gallery. NY Post 24 - US News
Junkies have turned $35M Bronx development into a shooting gallery.
A city-owned parking lot in the South Bronx that was transformed into a $35 million development has become a magnet for junkies...
Metro News: 101-year-old victim describes terrifying home invasion that left husband dead. NY Post 24 - US News
101-year-old victim describes terrifying home invasion that left husband dead.
A 101-year-old woman whose husband died during a violent 2017 home invasion took the stand Wednesday to describe the terrifying...
Metro News: Schneiderman accuser reportedly meets with special prosecutor. NY Post 24 - US News
Schneiderman accuser reportedly meets with special prosecutor.
One of Eric Schneiderman’s accusers was interviewed Wednesday by the special prosecutor investigating domestic-violence...

Sport

Last US Sport News: Pivoting Stitches feels Amazin’. NY Post 24 - US News
Pivoting Stitches feels Amazin’.
Were you guilty of any charges? Do anything wrong? Do any PEDS? Alex “no, no, no” Rodriguez will have a new show on ESPN...
Last US Sport News: LeBron, Cavs facing elimination after Game 5 loss to Celtics. NY Post 24 - US News
LeBron, Cavs facing elimination after Game 5 loss to Celtics.
BOSTON — Rookie Jayson Tatum had 24 points and Al Horford had 15 points and 12 rebounds to help the Boston Celtics beat...
Last US Sport News: The moment the hockey world learned David Quinn was for real. NY Post 24 - US News
The moment the hockey world learned David Quinn was for real.
With 4:08 remaining in the third period of the 2009 national championship game and Boston University trailing underdog Miami...
Last US Sport News: Capitals rip Lightning in Game 7 to reach Stanley Cup final. NY Post 24 - US News
Capitals rip Lightning in Game 7 to reach Stanley Cup final.
TAMPA, Fla. — The Capitals beat the Lightning 4-0 in Game 7; advance to face Vegas Golden Knights in Stanley Cup Final....
Last US Sport News: Yankees can’t make 10 runs hold up in shootout loss to Rangers. NY Post 24 - US News
Yankees can’t make 10 runs hold up in shootout loss to Rangers.
ARLINGTON, Texas — The Best Bat Show On Earth did its part Wednesday night only to watch the Yankees’ arms wilt in the...