Intel expands bug bounty to catch more Spectre-like security flaws

To say Intel was caught flat-footed by the Meltdown and Spectre flaws would be an understatement. However, it has a potential solution: enlist more people for help. It's widening its bug bounty program to both include more researchers and offer mor…
Engadget RSS Feed

Bandai Namco Entertainment Announces ‘One Piece: Bounty Rush’ with Pre-Registrations Now Live on Google Play

Bandai Namco Entertainment just announced a new One Piece mobile game. One Piece: Bounty Rush will be coming to the West on iOS and Android this year. As expected, it is a free-to-play game and it will feature 4v4 team-based multiplayer action. The aim is to collect more berries than the opposition through multiple routes and using various gimmicks. Unlike Final Fantasy, which feels like it has a new mobile game every few weeks, Bandai Namco Entertainment has been slower with One Piece mobile games.

This is a team-based multiplayer battle game and of course there’s a class or character type system here. The Fighter type can overwhelm foes briskly while the Warrior is a tank-like character. The aptly named Supported provides support through skills and the remaining two types are Shooter, a ranged type, and Swordsman, a close-range character type.

Bandai Namco Entertainment has begun pre-registrations for One Piece: Bounty Rush as of today through Facebook and Google Play. Depending on the number of likes on the Facebook page and pre-registrations on Google Play, rewards will be decided ranging from Rainbow Diamonds to Ingredient Packs and even 4-Star Shanks for use in game.

The official English website for it is also live.


Montego Resources hopes IoT will help uncover silver bounty in Nevada

The mining firm is using drones, sensors and robo-drills to hunt for treasure in the Nevada desert. 

For more than one hundred years, Taylor Mine & Mill in eastern Nevada has produced a bounty of silver and gold, inspiring a silver rush in the 1880s and being tapped again during the 1960s.

Today, this property is being worked by Canada-based late-stage exploration and development company Montego Resources, where executives believe that, through the use of industrial IoT (IIoT) technologies, they can uncover new treasure. The small company took over the Taylor Mine from another mining firm, Silver Predator, earlier this year.

A world of uncertainty

With mining for precious metals, there’s always a lot of uncertainty. Pits can be dug and shafts can be dropped – but there’s no guarantee of a rich find at the end of these efforts.

In the past, it was back-breaking work to uncover the truth of where the richest deposits lay. At Taylor, for example, this was a matter of using shovels and picks in the 1880s and, in the 1960s, earth-moving equipment and dynamite. Throughout these efforts, it was often a question of simply hoping for the best.

New methods and industrial IoT technologies, however, could deliver rich rewards at a fraction of the effort. Modern mining utilizes digital mapping of the terrain, and images and data collected by drones can be used to construct 3D models of geologic architecture.

Meanwhile, sensors more advanced and sensitive than previous technologies run electric currents through the ground, giving geologists a clearer idea of what lies under their feet.

With that picture established, it’s time for robo-drills to enter the picture. These are attached to partially automated rigs that collect mineral samples for analysis, detailing where the richest veins of silver and gold might be located.

High hopes for the future

While Taylor has produced silver and gold in the past, it was unclear how big the remaining deposits were, until surveys were conducted in 2014. Now, Montego has a much clearer idea, and estimates that there is up to 20 million ounces of measured and indicated silver in the ground there – a figure that could rise to 32 million ounces if the company’s plans to identify additional seams at the site pay off.

The mine is located 17 miles south of Ely, Nevada and only 2.5 miles east of US Highway 50. That access to roads and water sources could prove crucial, making it a relatively cheap mine to run, if Montego Resources hits the jackpot.

The post Montego Resources hopes IoT will help uncover silver bounty in Nevada appeared first on Internet of Business.

The Department of Defense’s Bug Bounty Program Has Flagged Thousands of Vulnerabilities

The Noble Hack

Historically, the U.S. government has kept hackers at arm’s length, even if their intentions are benevolent. However, over the last 18 months, the Department of Defense (DoD) has run an expansive bug bounty program, which has apparently been a massive success.

In June 2015, it was discovered that the Office of Personnel Management had been subject to a massive hack, exposing the records of as many as 4 million individuals. In the wake of these revelations and other similar breaches, plans began to formulate for the DoD to investigate the potential of a bug bounty program.

The initial trial for “Hack the Pentagon” ran in 2016 from April 18 to May 12. A total of 138 unique, legitimate vulnerability reports were submitted over this period, prompting a total bounty payout of $75,000 in increments of between $100 and $15,000.

That November, the DoD also ran “Hack the Army” to tackle issues with websites facilitating army enrollment. Then, this May, “Hack the Air Force” sought to secure online assets pertaining to another branch of the military. The total payout of these programs has climbed to around $300,000.

After the Bounty

These limited-time efforts were accompanied by an open-ended program dubbed the Vulnerabilities Disclosure Policy (VDP). This doesn’t award any bounties, but offers a legal method for individuals to flag issues with public-facing websites and web apps, which hadn’t previously been available. In just a year, 650 people have submitted a total of 3,000 legitimate vulnerabilities.

“The VDP has just really taken off and started providing value in a way that I don’t think anyone was anticipating when we first launched it,” said Alex Rice, CTO of HackerOne, the company that collaborated with the DoD on the program, in an interview with Wired. “It was some learning. DoD realized that…if someone was still working on something there was no legal channel for them to get it to the government.”

The bug bounty program and its associated initiatives account for only one part of a larger process – once these vulnerabilities are flagged, they still need to be addressed. According to HackerOne, the DoD has been able to establish infrastructure that allows for these problems to be resolved relatively quickly, compared to private companies that have run similar programs in the past.

The Computer Fraud and Abuse Act once made it difficult for hackers and other independent experts to raise issues with the U.S. government. These extensive bug bounty programs seem to indicate that there’s been a change of approach when it comes to this kind of activity. As most of the cybersecurity industry has understood for some time, malicious entities are constantly looking for new vulnerabilities to exploit, so there are distinct advantages to having hackers take stock of any potential weak spots.

The post The Department of Defense’s Bug Bounty Program Has Flagged Thousands of Vulnerabilities appeared first on Futurism.


Google launched a new bug bounty program to root out vulnerabilities in third-party apps on Google Play

Google is introducing a new program to help root out vulnerabilities in third-party apps in its Google Play storefront. The Google Play Security Reward Program will pay researchers who discover problems in popular Android apps found in the store.

Google has maintained bug bounty programs for products such as Chrome, Chrome OS and others, paying thousands of dollars for vulnerabilities. Developers of popular apps are invited to opt-in to the program to “proactively [improve] the security of some of the most popular Android apps on Google Play.”

The company is collaborating with vulnerability coordination and bug bounty platform HackerOne. Developers are only able to participate if they’re willing to respond to and fix the bugs in a…

The Verge – All Posts

HBO reportedly offered hackers a $250,000 ‘bug bounty payment’

HBO appears to have tried to pay off the hackers who stole scripts, shows, and employee information sometime last month. Both Variety and The Hollywood Reporter report receiving an email from the hackers containing a transcript of a message sent by HBO offering payment.

In that message, an HBO executive reportedly writes, “As a show of good faith on our side, we are willing to commit to making a bug bounty payment of $250,000 to you as soon as we can establish the necessary account and acquire bitcoin.” HBO declined to comment to both publications, but Variety says it was able to confirm that the email was real.

Variety says the email may have been a stalling tactic, as the email was sent in late July before HBO…

The Verge – All Posts

IoT security flaws attract biggest payouts in bug bounty programs

Identifying security flaws in IoT equipment and letting manufacturers know about them can be a nice little earner for participants in bug bounty programs, say recent reports. 

For computer-savvy individuals with time and skills to spare, bug bounty programmes offer a chance to make some money on the side, by scouting out flaws and glitches in IT systems and flagging them up to those companies in return for a reward.

The thinking behind such programmes – run by General Motors, United Airlines, Starbucks, the Pentagon and many others – is that, rather than shoot the messenger, it’s better to give them a fair hearing and, in some cases, a tasty payout for their findings.

Now it turns out that pointing out vulnerabilities in hardware and IoT targets, compared to other targets, earns bug bounty participants an above-average payout.

A recent report, 2017 State of Bug Bounty, released by bug bounty platform Bugcrowd, finds that the average payout for vulnerabilities in hardware and IoT targets is around $750 per bug, compared with $385 for mobile apps. Overall, the average amount paid out across all types of bug is $451.

The top five industries embracing bug bounty programs include automotive, leisure/travel, IoT/computer networking, healthcare, and financial services, according to Bugcrowd’s third annual report. Programs in the automotive industry increased four-fold last year and average payouts were around $1,500 for each bug discovered and disclosed.

“Bug bounties are challenging traditional ways of thinking about cybersecurity,” said Casey Ellis, founder and CEO of Bugcrowd. “The model addresses the growing complexity and severity of vulnerabilities in software, hardware, and IoT devices – all of which form the foundation for today’s always-on digital economy.”

Bug bounty programs and prizes on the rise

In a separate report from rival bug bounty company HackerOne, The Hacker-Powered Security Report 2017, 41 percent of new bug bounty programs launched between January 2016 and January 2017 came from industries outside of the technology sector. Within technology, there was an increase in the number of IoT and smart home programs launched, as well as open-source projects.

Payouts for IoT flaws played a significant part in the growth in new bug bounty programs on HackerOne’s platform, up 59 percent from last year.

Customers’ security response efficiency is improving, too, with the average time-to-first-response for security issues down to six days in 2017, compared to seven days in 2016. The average bounty paid to hackers for a critical vulnerability is $1,923 in 2017, compared to $1,624 in 2015, an increase of 16 percent.

“Hacker-powered security programs are undeniably effective at finding vulnerabilities organizations never knew existed,” said Alex Rice, CTO and founder, HackerOne.

The post IoT security flaws attract biggest payouts in bug bounty programs appeared first on Internet of Business.

‘Brawl Stars’ Bounty, Smash & Grab, Heist, and Showdown Modes Detailed

By now you’ve probably heard that Supercell is getting ready to bring a new game to mobile called Brawl Stars, and unlike Clash Royale, which for the longest time had pretty much one mode, Brawl Stars will launch with four different modes. The modes are Bounty, Smash & Grab, Heist, and Showdown. Bounty is pretty much team deathmatch where you collect stars by eliminating opponents, and the team with the most stars at the end of the match wins. It remains to be seen though whether you’ll always get one star per opponent you take out or whether there will be some kinds of bonuses. Smash & Grab has you collecting crystals from the center of the map, and when you collect 10 crystals and hold onto them, which implies a timer of sorts, you win.

Heist has you cracking the safe of the opposing team or defending your valuables from the other team. This mode has a 2-minute timer on it, and it looks like you’ll either play offense or defense. Finally, Showdown is pretty much battle royale, with 10 players dropped into a slowly shrinking arena, and the last brawler standing wins. As you can see, plenty of ways to play the game, but the announcement does mention that you can “unlock” rowdy game modes, so expect having to level up in some way in order to play all of them.