Connect with us

Social Media

Yahoo hack wasn’t Shellshock, company claims

Published

on

 Malware attack was not Shellshock, and no user data was affected, Yahoo said

Yahoo has announced that the hackers who breached its servers this weekend did not use the Shellshock superbug as was previously reported.

In a statement, Yahoo’s head of information security Alex Stamos said that hackers had executed malware in a failed search for Shellshock vulnerabilities, and had not gained access to any user data.

The attackers, who zeroed in on the site’s Sports API servers, “mutated” the malicious code to look for access points.

Stamos reported that the original security flaw was exclusive to a small number of machines, and that it has now been fixed, with the malware added to Yahoo’s scanners.

He wrote: “We isolated a handful of servers that were detected to have been impacted by a security flaw. After investigating the situation fully, it turns out that the servers were in fact not affected by Shellshock.

“At this time we have found no evidence that the attackers compromised any other machines or that any user data was affected.

“As you can imagine this episode caused some confusion in our team, since the servers in question had been successfully patched (twice!!) immediately after the Bash issue became public.”

He added: “Just because exploit code works doesn’t mean it triggered the bug you expected!”

Yahoo’s investigation into server security was launched after ethical hacker Jonathan Hall discovered a group of Romanian cyber criminals were infiltrating Yahoo servers.

Hall, who published his method and his findings on his blog, also alerted Yahoo and the FBI to the hack.

Stamos also addressed criticism of Yahoo for not compensating Hall for his discovery, arguing that it was done outside of the company’s bug bounty programme.

He wrote: “Yahoo takes external security reports seriously and we strive to respond immediately to credible tips.

“Our records show no attempt by this researcher to contact us using [bug bounty] means.”

Hall also found similar security breaches in WinZip and Lycos servers. He said that WinZip confirmed the hack and thanked him for the discovery.

Hall claims that Lycos, on the other hand, denied the hack and have tried to cover it up by deleting the compromised script.

source:http://www.independent.co.uk/life-style/gadgets-and-tech/news/yahoo-hack-wasnt-shellshock-company-claims-9779594.html

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Internet

INSTAGRAM IS USING AI TO DETECT BULLYING IN PHOTOS AND CAPTIONS

Published

on

Last year, Instagram introduced an enhanced comment filter that uses machine learning to spot offensive words and phrases in challenging contexts. Now, the company is expanding similar coverage to photos and captions. Today, it announced that it will use AI to “proactively detect bullying” before sending content to human moderators for review.

The new feature will roll out to users in the coming weeks, launching in time for October’s National Bullying Prevention Month in the US and just before Anti-Bullying Week in the UK. The same technology is also being added to live videos to filter comments there as well.

This is the first product announcement under new Instagram chief Adam Mosseri who took over following the hasty departure of co-founders Kevin Systrom and Mike Krieger last month. The split was reportedly due to simmering tensions between the pair and parent company Facebook, which has frequently meddled with Instagram’s product.

With public trust in Facebook continuing to fall, Instagram remains the bright spot in the company’s product lineup. It’s popular, profitable, and it has yet to be tainted by the scandals that have undermined Facebook. In this context, using AI to help weed out offensive content and keep Instagram a home for good vibes is extremely important.

A story published in Wired last year explained some of the details of Instagram’s machine learning comment filters, but it’s well-established that this sort of technology is no silver bulletfor content moderation. AI is cheap to deploy at scale, yes, but it still has trouble dealing with human context and nuance. That’s why it’s good that these new bullying filters also send content to human moderators to perform the final check. Automation without oversight is a recipe for disaster.

Interestingly, Instagram says it’s not just analyzing photos captions to identify bullying, but also the photo itself. Speaking to The Verge, a spokesperson gave the example of the AI looking for split-screen images as an example of potential bullying, as one person might be negatively compared to another. What other factors the AI will look for though isn’t clear. That might be a good idea considering that when Facebook announced it would scan memes using AI, people immediately started thinking of ways to get around such filters.

Along with the new filters, Instagram is also launching a “kindness camera effect,” which sounds like it’s a way to spread a positive message as a method to boost user engagement. While using the rear camera, the effects fill the screen with an overlay of “kind comments in many languages.” Switch to your front-facing camera, and you get a shimmer of hearts and a polite encouragement to “tag a friend you want to support.”

Continue Reading

Internet

FACEBOOK IS TESTING ITS VERY OWN DATING APP

Published

on

Yes, Facebook Dating is a real thing. And we may have just received a sneak peek.

Jane Manchun Wong — an app researcher who’s spotted Facebook features in the past, like Talent Show — posted photos from what she claims is an internal test of Facebook Dating.

 

The company wouldn’t say whether these pics are the real deal, although it did confirm it’s testing Facebook Dating internally.

Two months ago, at its F8 developer conference, Facebook shared that it was developing a dating app. Aspiring yenta Mark Zuckerberg explained it was “going to be for building real, long-term relationships, not hookups.”

Later, on its blog, Facebook dished out a few more details: “People will be able to create a dating profile that is separate from their Facebook profile — and potential matches will be recommended based on dating preferences, things in common, and mutual friends. They’ll have the option to discover others with similar interests through their Groups or Events.”

From Wong’s photos, it looks like the app will let you prevent your current Facebook friends from seeing your dating profile, thus avoiding potential embarrassment. It’ll also offer a variety of gender options, including trans man, trans woman, and non-binary.

No word on when, exactly, Facebook Dating will become available to the public. Guess you’ll just have to make do with Tinder, Bumble, OKCupid, Happn, Grindr, Hinge, and the thousands of other dating apps out there in the meantime.

Continue Reading

Internet

WHATSAPP MESSAGES AND SENDERS CAN BE ALTERED AFTER YOU RECEIVED THEM, SAY RESEARCHERS

Published

on

Security researchers have discovered that it’s possible for hackers to change both the content and the sender of a WhatsApp message after you’ve received it …

This includes the ability to change quoted messages, to make it appear you said something you didn’t.

CNET reports that the possibility was discovered by Check Point Software Technologies.

The firm] found that hackers can create a hacked version of the app and alter a quoted message (a past one that someone is replying directly one) to change the content or sender.

The hacker would, however, need to be part of the chat, so the vulnerability mostly applies to group chats.

WhatsApp told the NYT that it was not aware of the technique being used in the wild, and a cure would be worse than the problem.

One solution would be to create transcripts of every message exchange to verify the accuracy of every quote. Creating such a transcript is a significant privacy risk because those accounts of what people wrote to each other must be stored somewhere, the company said.

All WhatsApp messages are protected by end-to-end encryption, which means that only those within a chat would be able to exploit the loophole. Storing a transcript would effectively mean removing that end-to-end encryption.

Continue Reading
Advertisement

Trending