Today: 15.08.2018
News
Opinion
Business
Living
Metro
Tech
Sport

Last News

10:43
Today
10:36
Today
10:24
Today
09:24
Today
09:17
Today
09:08
Today
09:00
Today
08:54
Today
08:49
Today
08:45
Today
08:38
Today
05:46
Today
01:27
Today
01:10
Today
00:55
Today
23:36
14.08.2018
21:48
14.08.2018
21:46
14.08.2018
21:28
14.08.2018
21:28
14.08.2018
21:16
14.08.2018
20:31
14.08.2018
20:18
14.08.2018
20:00
14.08.2018
19:36
14.08.2018
19:32
14.08.2018
18:37
14.08.2018
17:59
14.08.2018
17:26
14.08.2018
16:49
14.08.2018

Uber paid 20-year-old man to keep data breach secret.

SAN FRANCISCO/WASHINGTON – A 20-year-old Florida man was responsible for the large data breach at Uber Technologies Inc last year and was paid by Uber to destroy the data through a so-called “bug bounty” program normally used to identify small code vulnerabilities, three people familiar with the events have told Reuters. Uber announced on Nov....
Time: 22:21     Date: 06.12.2017
World Tech News: Uber paid 20-year-old man to keep data breach secret. NY Post 24 - US News

Uber made the payment last year through a program designed to reward security researchers who report flaws in a company’s software, these people said. Uber’s bug bounty service – as such a program is known in the industry – is hosted by a company called HackerOne, which offers its platform to a number of tech companies.

Reuters was unable to establish the identity of the hacker or another person who sources said helped him. Uber spokesman Matt Kallman declined to comment on the matter.

Newly appointed Uber Chief Executive Dara Khosrowshahi fired two of Uber’s top security officials when he announced the breach last month, saying the incident should have been disclosed to regulators at the time it was discovered, about a year before.

It remains unclear who made the final decision to authorize the payment to the hacker and to keep the breach secret, though the sources said then-CEO Travis Kalanick was aware of the breach and bug bounty payment in November of last year.

Kalanick, who stepped down as Uber CEO in June, declined to comment on the matter, according to his spokesman.

A payment of $100,000 through a bug bounty program would be extremely unusual, with one former HackerOne executive saying it would represent an “all-time record.” Security professionals said rewarding a hacker who had stolen data also would be well outside the normal rules of a bounty program, where payments are typically in the $5,000 to $10,000 range.

HackerOne hosts Uber’s bug bounty program but does not manage it, and plays no role in deciding whether payouts are appropriate or how large they should be.

HackerOne CEO Marten Mickos said he could not discuss an individual customer’s programs. “In all cases when a bug bounty award is processed through HackerOne, we receive identifying information of the recipient in the form of an IRS W-9 or W-8BEN form before payment of the award can be made,” he said, referring to U.S. Internal Revenue Service forms.

According to two of the sources, Uber made the payment to confirm the hacker’s identity and have him sign a nondisclosure agreement to deter further wrongdoing. Uber also conducted a forensic analysis of the hacker’s machine to make sure the data had been purged, the sources said.

One source described the hacker as “living with his mom in a small home trying to help pay the bills,” adding that members of Uber’s security team did not want to pursue prosecution of an individual who did not appear to pose a further threat.

The Florida hacker paid a second person for services that involved accessing GitHub, a site widely used by programmers to store their code, to obtain credentials for access to Uber data stored elsewhere, one of the sources said.

GitHub said the attack did not involve a failure of its security systems. “Our recommendation is to never store access tokens, passwords, or other authentication or encryption keys in the code,” that company said in a statement.

Uber received an email last year from an anonymous person demanding money in exchange for user data, and the message was forwarded to the company’s bug bounty team in what was described as Uber’s routine practice for such solicitations, according to three sources familiar with the matter.

Bug bounty programs are designed mainly to give security researchers an incentive to report weaknesses they uncover in a company’s software. But complicated scenarios can emerge when dealing with hackers who obtain information illegally or seek a ransom.

Some companies choose not to report more aggressive intrusions to authorities on the grounds that it can be easier and more effective to negotiate directly with hackers in order to limit any harm to customers.

Uber’s $100,000 payout and silence on the matter at the time was extraordinary under such a program, according to Luta Security founder Katie Moussouris, a former HackerOne executive.

“If it had been a legitimate bug bounty, it would have been ideal for everyone involved to shout it from the rooftops,” Moussouris said.

Uber’s failure to report the breach to regulators, even though it may have felt it had dealt with the problem, was an error, according to people inside and outside the company who spoke to Reuters.

“The creation of a bug bounty program doesn’t allow Uber, their bounty service provider, or any other company the ability to decide that breach notification laws don’t apply to them,” Moussouris said.

Uber fired its chief security officer, Joe Sullivan, and a deputy, attorney Craig Clark, over their roles in the incident.

“None of this should have happened, and I will not make excuses for it,” Khosrowshahi, said in a blog post announcing the hack last month.

Clark worked directly for Sullivan but also reported to Uber’s legal and privacy team, according to three people familiar with the arrangement. It is unclear whether Clark informed Uber’s legal department, which typically handled disclosure issues.

Sullivan and Clark did not respond to requests for comment.

In an August interview with Reuters, Sullivan, a former prosecutor and Facebook Inc (FB.O) security chief, said he integrated security engineers and developers at Uber “with our lawyers and our public policy team who know what regulators care about.”

Last week, three more top managers in Uber’s security unit resigned. One of them, physical security chief Jeff Jones, later told others he would have left anyway, sources told Reuters. Another of the three, senior security engineer Prithvi Rai, later agreed to stay in a new role.

Reporting by Joseph Menn in San Francisco and Dustin Volz in Washington; Additional reporting by Heather Somerville and Stephen Nellis in San Francisco; Editing by Jonathan Weber and Bill Rigby

Tech

World Tech News: How to delete all the places Google knows you’ve been. NY Post 24 - US News
How to delete all the places Google knows you’ve been.
Even if “Location History” is off on your phone, Google often still stores your precise location. Here are some things...
World Tech News: New Chrome feature could speed up the entire internet. NY Post 24 - US News
New Chrome feature could speed up the entire internet.
Google’s Chrome browser is the most popular web browser on the planet by a massive margin. According to market research...
World Tech News: It’s not your imagination — robocalls are on the rise. NY Post 24 - US News
It’s not your imagination — robocalls are on the rise.
Robocalls — those annoying, automated spam and scam messages — are on the rise. So far in 2018, more than 16.3 billion...
World Tech News: Anti-Facebook site launches despite legal threats. NY Post 24 - US News
Anti-Facebook site launches despite legal threats.
FacebookZoo — a new, anti-Facebook blogging site — went live on Tuesday despite threats from Facebook’s legal team....

Opinion

Last US News - Opinion: New York City’s booming economy is bad news for the far left. NY Post 24 - US News
New York City’s booming economy is bad news for the far left.
Mother always said it’s not nice to laugh while others cry, but there are exceptions. One is on display now in New York....
Last US News - Opinion: The system is failing the mentally ill — not the cops. NY Post 24 - US News
The system is failing the mentally ill — not the cops.
What happens when the police want to help, but the mental-health system won’t let them? Last week, a 22-year-old Washington...
Last US News - Opinion: Democrats are out to sabotage the middle class on health care. NY Post 24 - US News
Democrats are out to sabotage the middle class on health care.
Democrats are trying to ban low-cost health insurance that covers less than ObamaCare. They claim they’re protecting the...
Last US News - Opinion: Cuomo accepts the ‘ignorance’ excuse now that he’s the perp. NY Post 24 - US News
Cuomo accepts the ‘ignorance’ excuse now that he’s the perp.
During a visit to the Adirondacks last week, Gov. Cuomo recalled retrieving a feather that was shed by an eagle that “swooped...
Last US News - Opinion: Cuomo only agrees to debate when cards are stacked in his favor. NY Post 24 - US News
Cuomo only agrees to debate when cards are stacked in his favor.
For all his campaign ads painting him as a fearless warrior taking on President Trump, Gov. Cuomo is apparently afraid to...

Living

US Living News: School workers donate their sick days to cancer-stricken teacher who ran out. NY Post 24 - US News
School workers donate their sick days to cancer-stricken teacher who ran out.
A Florida public school teacher battling colon cancer ran out of paid sick days — that is, until a viral Facebook post...
US Living News: Oldest ever flying reptile discovered in Utah. NY Post 24 - US News
Oldest ever flying reptile discovered in Utah.
Over the decades, Utah has proven to be a real hotspot for fossil hunters and it just yielded yet another amazing find. There...
US Living News: 6-year-old orders herself $350 worth of toys on Amazon Prime. NY Post 24 - US News
6-year-old orders herself $350 worth of toys on Amazon Prime.
Kids these days. Anyone who’s ever gone on an Amazon shopping spree understands the allure of the one-click buying option...
US Living News: Winemakers say mildew attack is ruining their harvest. NY Post 24 - US News
Winemakers say mildew attack is ruining their harvest.
A French winemaker has lost between 15 to 20 percent of his harvest thanks to an extreme “attack of mildew,” he says....
US Living News: Sleep deprivation can make people less attractive: study. NY Post 24 - US News
Sleep deprivation can make people less attractive: study.
Not getting enough sleep can turn people into social lepers, a study suggests. Scientists found it makes men and women appear...
US Living News: Inside NYC’s most dramatic restaurant wars. NY Post 24 - US News
Inside NYC’s most dramatic restaurant wars.
There are tens of thousands of restaurants and bars in New York City and its surrounding areas, but not all of them get along...
US Living News: Tourists terrorizing Barcelona by urinating all over the place. NY Post 24 - US News
Tourists terrorizing Barcelona by urinating all over the place.
Barcelona locals are fed up with the disruption that tourists are bringing to the city – in the form of urine-soaked streets,...
US Living News: Ladies, you’re not crazy — men really do lose weight faster. NY Post 24 - US News
Ladies, you’re not crazy — men really do lose weight faster.
Ladies, you’re not imagining things: Men really do lose weight faster. After two months on a low-calorie diet, men lost...

Business

Last US Business News: Empire Resorts loses $58 million in first five months of business. NY Post 24 - US News
Empire Resorts loses $58 million in first five months of business.
The state’s largest new casino has rolled craps — losing $58 million in its first five months of operation, according...
Last US Business News: Eddie Lampert offers to buy Kenmore for $400 million. NY Post 24 - US News
Eddie Lampert offers to buy Kenmore for $400 million.
A hedge fund owned by the chief executive of Sears Holdings, Edward Lampert, has offered to buy the company’s Kenmore appliances...
Last US Business News: MoviePass discloses quarterly loss of $127 million. NY Post 24 - US News
MoviePass discloses quarterly loss of $127 million.
It’s not the birthday present that MoviePass wanted. On the one year anniversary of MoviePass slashing its prices, shares...
Last US Business News: Walmart is launching an Ellen DeGeneres fashion line. NY Post 24 - US News
Walmart is launching an Ellen DeGeneres fashion line.
Walmart said on Wednesday that it would tie up with comedian and talk show host Ellen DeGeneres to launch a women’s fashion...
Last US Business News: Corona brewer pours $4 billion into Canadian pot grower. NY Post 24 - US News
Corona brewer pours $4 billion into Canadian pot grower.
Corona beer maker Constellation Brands will invest a further $4 billion in Canada’s top cannabis producer Canopy Growth,...
Last US Business News: Macy’s reports surprise sales increase, but stock falls. NY Post 24 - US News
Macy’s reports surprise sales increase, but stock falls.
Macy’s on Wednesday reported a surprise rise in quarterly same-store sales, topping estimates for the third straight quarter,...
Last US Business News: Buffett’s Berkshire Hathaway increased Apple stake by nearly 5 percent. NY Post 24 - US News
Buffett’s Berkshire Hathaway increased Apple stake by nearly 5 percent.
They don’t call Warren Buffett the Oracle of Omaha for nothing. Buffett-led Berkshire Hathaway increased its stake in Apple...
Last US Business News: Charting MoviePass’ stunning rise and swift downfall. NY Post 24 - US News
Charting MoviePass’ stunning rise and swift downfall.
MoviePass honchos Mitch Lowe and Ted Farnsworth are still trying to break the moviegoing business model. So far, though,...

Metro

Metro News: Empire Resorts loses $58 million in first five months of business. NY Post 24 - US News
Empire Resorts loses $58 million in first five months of business.
The state’s largest new casino has rolled craps — losing $58 million in its first five months of operation, according...
Metro News: Cops release sketch of unidentified man found floating near bridge. NY Post 24 - US News
Cops release sketch of unidentified man found floating near bridge.
Police on Wednesday released a sketch of a still-unidentified man found floating in the waters near the Verrazano Bridge,...
Metro News: De Blasio unfazed by long lines of drivers trying to get Uber licenses. NY Post 24 - US News
De Blasio unfazed by long lines of drivers trying to get Uber licenses.
Mayor de Blasio on Wednesday said the long lines of drivers trying to get last-minute Uber licenses a day earlier didn’t...
Metro News: ‘Kayak killer’ settles with victim’s family after serving prison time. NY Post 24 - US News
‘Kayak killer’ settles with victim’s family after serving prison time.
POUGHKEEPSIE, N.Y. — A lawsuit settlement has been reached in a New York kayak drowning after the victim’s fiancee...
Metro News: Homeless man hiding under truck run over in Queens. NY Post 24 - US News
Homeless man hiding under truck run over in Queens.
A homeless man was killed on Tuesday when a truck he was lying under pulled out of a parking spot in Queens, sources said....
Metro News: Small donors would have huge say under de Blasio commission proposal. NY Post 24 - US News
Small donors would have huge say under de Blasio commission proposal.
Small donors would become big campaign players under a proposal Tuesday by the mayor’s Charter Revision Commission, which...
Metro News: Why these Uber drivers rushed to register cars before the ride-share cap. NY Post 24 - US News
Why these Uber drivers rushed to register cars before the ride-share cap.
Kazi Arefin braved lines and crowds to register his car for Uber because he was tired of making money for other people. The...
Metro News: Man suing doctor asks judge to keep his penis pics sealed from public record. NY Post 24 - US News
Man suing doctor asks judge to keep his penis pics sealed from public record.
He had a fool for a client — and it left him totally exposed. An East Village man acted as his own lawyer when he filed...

Sport

Last US Sport News: Ben Simmons is next 76er thinking radical shooting change. NY Post 24 - US News
Ben Simmons is next 76er thinking radical shooting change.
If Ben Simmons can ever truly develop his jump shot, it might come with his right hand. The 76ers rising star could switch...
Last US Sport News: You won’t see Bob Ley on ESPN for six months. NY Post 24 - US News
You won’t see Bob Ley on ESPN for six months.
ESPN’s longest-tenured employee needs a break. Emmy Award-winning sports anchor Bob Ley has requested and been granted...
Last US Sport News: Here’s what it looks like when an NFL player demands a trade. NY Post 24 - US News
Here’s what it looks like when an NFL player demands a trade.
Ask and you shall receive. Before being dealt to the Bills earlier this month, receiver Corey Coleman asked Hue Jackson to...
Last US Sport News: Ex-NASCAR star must pay $1 for secretly recording ex-wife. NY Post 24 - US News
Ex-NASCAR star must pay $1 for secretly recording ex-wife.
Former NASCAR driver Greg Biffle must reportedly pay his ex-wife $1 after a jury on Monday found that he did “intrude offensively...
Last US Sport News: Dan Marino’s son arrested for DUI, had ‘slurred’ speech: cops. NY Post 24 - US News
Dan Marino’s son arrested for DUI, had ‘slurred’ speech: cops.
The son of Hall of Fame NFL quarterback Dan Marino was arrested for DUI last week in Florida with a blood alcohol content...