Dropbox Launches Bug Bounty Program With HackerOne

To better protect users' information, Dropbox has launched a bug bounty program in partnership with HackerOne. Hackers reporting small vulnerabilities will receive $216.

"For now, the Dropbox, Carousel, and Mailbox iOS and Android applications; the Dropbox and Carousel web applications; the Dropbox desktop client as well as the Dropbox Core SDK are eligible for the bounty program. We may also reward for novel or particularly interesting bugs in other Dropbox applications."

Security researchers will have to follow a series of rules to be eligible for the rewards.
"You are responsible for complying with any applicable laws, and you should only use your own accounts or test accounts for reporting vulnerabilities.

To promote the discovery and reporting of vulnerabilities and increase user safety, we ask that you:
  • Share the security issue with us in detail.
  • Give us a reasonable time to respond to the issue before making any information about it public.
  • Not access or modify user data without permission of the account owner.
  • Act in good faith not to degrade the performance of our services (including denial of service)."

More about the program and its rules can be read in the HackerOne post [Click Here!]

Source: [Dropbox Blog]

45 Security Issues Fixed In Chrome 42

Chrome 42 has been available since Tuesday for Windows, Mac and Linux. A total of 45 security flaws were addressed in this version. The security researcher who identified the most serious vulnerability, a cross-origin bypass flaw in the HTML parser (CVE-2015-1235), was paid $7,500.

The list of all vulnerabilities fixed is as follows:
  • High CVE-2015-1235: Cross-origin-bypass in HTML parser. Credit to anonymous.
  • Medium CVE-2015-1236: Cross-origin-bypass in Blink. Credit to Amitay Dobo.
  • High CVE-2015-1237: Use-after-free in IPC. Credit to Khalil Zhani.
  • High CVE-2015-1238: Out-of-bounds write in Skia. Credit to cloudfuzzer.
  • Medium CVE-2015-1240: Out-of-bounds read in WebGL. Credit to w3bd3vil.
  • Medium CVE-2015-1241: Tap-Jacking. Credit to Phillip Moon and Matt Weston of Sandfield Information Systems.
  • High CVE-2015-1242: Type confusion in V8. Credit to fcole@onshape.com.
  • Medium CVE-2015-1244: HSTS bypass in WebSockets. Credit to Mike Ruddy.
  • Medium CVE-2015-1245: Use-after-free in PDFium. Credit to Khalil Zhani.
  • Medium CVE-2015-1246: Out-of-bounds read in Blink. Credit to Atte Kettunen of OUSPG.
  • Medium CVE-2015-1247: Scheme issues in OpenSearch. Credit to Jann Horn.
  • Medium CVE-2015-1248: SafeBrowsing bypass. Credit to Vittorio Gambaletta (VittGam).

We advise our readers to update their Chrome to the latest version.

Source:[Google Blog]

22 Vulnerabilities Fixed in Flash Player 17.0.0.169

The new version of Flash Player fixes 22 vulnerabilities, among them a memory corruption flaw that is being leveraged in the wild. Almost all of the bugs repaired were memory corruption problems. These bugs, if successfully exploited, could allow an attacker to execute code on affected machines.

  • These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, CVE-2015-3043).
  • These updates resolve a type confusion vulnerability that could lead to code execution (CVE-2015-0356).
  • These updates resolve a buffer overflow vulnerability that could lead to code execution (CVE-2015-0348).
  • These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-0349, CVE-2015-0351, CVE-2015-0358, CVE-2015-3039).
  • These updates resolve double-free vulnerabilities that could lead to code execution (CVE-2015-0346, CVE-2015-0359).
  • These updates resolve memory leak vulnerabilities that could be used to bypass ASLR (CVE-2015-0357, CVE-2015-3040). 
  • These updates resolve a security bypass vulnerability that could lead to information disclosure (CVE-2015-3044).


We advise our readers to update their Flash Player. The new release is available for all platforms.

Source:[Adobe Security Bulletin]

Hacker Leaks Nude Photos of Kelly Brook

After being a victim of the iCloud hacks last year, Kelly Brook has once again been targeted by hackers. 24 private images of the American actress have been leaked online.
Responding to the leaked images last year, the actress tweeted, "The only nude photos you’ll ever see of me are the ones that I "Leak" and the ones that my head are superimposed on!"
She has not yet responded to the new leaks.

Source:[Click Here!]

MauriHackerS - Providing Latest IT Security and Hacking News !