Browsing Category: responsible disclosure
No password required! “Sign in with Apple” account takeover flaw patched
A bug bounty hunter found a way to log in using “Sign in with Apple”… but without the part where you have to put in a password.
Let’s make ransomware MORE illegal, says Maryland
… with a clumsily worded proposed bill that wouldn’t protect researchers. This post appeared first on Naked Security Blog by Sophos. Author: Lisa Vaas
Google’s Project Zero highlights patch quality with policy tweak
Google’s Project Zero bug-hunting team has tweaked its 90-day responsible disclosure policy to help improve the quality and adoption of vendor patches.
Microsoft’s battle with SandboxEscaper zero days turns into grim Groundhog Day
Why is SandboxEscaper releasing vulnerabilities in such an irresponsible way? It matters not – Microsoft must patch what’s in front of it whatever the backstory.
Trading site DX.Exchange spills gobs of user data
A trader believes he could easily have obtained admin access to the site and potentially have stolen the funds of its 600,000 users.