The Week in Application Security News: November 11-17, 2013

Been too busy changing all your overused passwords to read the security news this week? We’re here to catch you up on the past week’s news from an #AppSec point of view, from Loyaltybuild’s massive breach of trust as well as credit card details, to the Adobe exposure that keeps on giving, to remembering the last of the living Enigma code-breakers – it was quite a busy week in the world of security.

  • Bug Bounty programs are gaining traction as Facebook and Microsoft band together to create the Internet Bug Bounty, rewarding “friendly hackers who contribute to a more secure internet.” Different platforms are available to hackers for varying awards – like at least $5,000 rewarded to a hacker who finds critical widespread vulnerabilities on the mainstream internet and at least $1,000 for open-source projects including OpenSSL, Rails, Python and more. “We explicitly selected projects with historically strong security track records and an active volunteer community of security contributors, and we will very likely expand the list in the future,” said Alex Rice, Facebook’s product security lead, to SCMagazine.com.

  • The Adobe breach just keeps on spreading the ‘love’, as Facebook required some users to change their passwords this week after discovering that their login credentials were the same as those stolen from Adobe’s database. The social network mined the data that was leaked from the breach to uncover and contact those that used the same password for Facebook and Adobe logins,  running the information through “the same code that we use to check your [Facebook] password at login time,” Facebook security engineer Chris Long told Brian Krebs. The information leaked could affect between 38 and 150 million Adobe users on their site and across the web. As of now, only Facebook and a few other sites have had their customers change their login details due to the attack.
  • Up to 500,000 Europeans were alerted that their credit card details including never-to-be-stored CVV numbers have been compromised this week after a major data breach at special offers and promotions scheme company Loyaltybuild. Furthermore, the names, addresses, numbers and emails of 1.12 million clients were also obtained illegally in the attack, and at least 70,000 Irish patrons at grocery store chain SuperValu had their financial information stolen after entering store promotions. Customers are being informed this week, but the full extent of the breach is still unfolding.
  • Hacking in History: Mavis Batey, British student turned WWII cryptographer, died this week at the age of 92. Batey worked at Bletchley Park, the site of Britain’s main decryption center during the war, and it was there that the (at-the-time) 19-year-old helped break the enemy’s codes on the mysterious Enigma machine. Due to the sensitive nature of the work she performed, Batey only recently found out the full significance of her ‘hackings’ when it was released that her code-cracking had helped the Allies take down the Italian navy in 1941 and played a major part in the 1944 ‘D-Day’ invasion of Normandy.

Reminder: AppSecUSA is THIS WEEK in NYC

If you’re coming to AppSecUSA this week, don’t forget to visit Checkmarx in Booth #16. We’ve got great games and giveaways and would love to say hey!

Checkmarx NYC

The following two tabs change content below.
Sarah is in charge of social media and an editor and writer for the content team at Checkmarx. Her team sheds light on lesser-known AppSec issues and strives to launch content that will inspire, excite and teach security professionals about staying ahead of the hackers in an increasingly insecure world.

Latest posts by Sarah Vonnegut (see all)

Jump to Category