Kerala Techie Spots Bug That Made Over 400 Million Microsoft Emails Easy To Hack
NEW DELHI, Dec 12: A Kerala-based application security engineer has won bug bounty from Microsoft for discovering a series of vulnerabilities that left over 400 million Microsoft users' accounts -- from Office 365 to Outlook emails -- open to hacking.
Sahad NK, who works as a security researcher with cyber security portal Safetydetective.com, came across multiple vulnerabilities that, when chained together, allow an attacker to take over any Microsoft Outlook, Microsoft Store, or Microsoft Sway account simply via the victim clicking on a link.
"Immediately after finding these vulnerabilities, we contacted Microsoft via their responsible disclosure programme and started working with them," said Safety Detective on Tuesday.
The vulnerabilities were reported to Microsoft in June and fixed by November end.
"While the vulnerability proof of concept was only made for Microsoft Outlook and Microsoft Sway, we expect it to affect all Microsoft accounts including Microsoft Store," said Sahad.
Sahad discovered that a Microsoft subdomain, "success.office.com", had not been properly configured. He also found bug in Microsoft Office, Store and Sway products.
A string of bugs when chained together created the perfect attack to gain access to someone's Microsoft account -- simply by tricking a user into clicking a link.
"Anyone's Office account, even enterprise and corporate accounts, including their email, documents and other files, could have been easily accessed by a malicious attacker, and it would have been near-impossible to discern from a legitimate user," said TechCrunch.
Sahad, with the help of fellow security researcher Paulos Yibelo, reported the bug to Microsoft, which fixed the vulnerability and gave an unspecified amount as bug bounty to Sahad.
Several tech companies offer bug bounty incentives. Sahad also received bug bounty from Facebook last year for discovering a bug in the social networking platform.
Courtesy: www.ndtv.com
Let the Truth be known. If you read VB and like VB, please be a VB Supporter and Help us deliver the Truth to one and all.
Trump says he ‘hasn’t even thought about’ continuing Iran ceasefire
Washington: US President Donald Trump has said he has not yet considered whether he would continue the ceasefire involving Iran, while also claiming the United States holds the advantage in negotiations.
Speaking to reporters, Trump said he was prepared to make a deal with “whoever is running the show” in Iran.
“They are fighting with each other, there’s tremendous infighting. They’re probably fighting for leadership in many cases. I think they’re fighting not to be leader because we knocked out two levels of leaders,” he said.
Trump added, “When they want they can call me. We have all the cards, we’ve won everything.”
Referring to ongoing negotiations, he said, “They gave us a paper that should’ve been better. And, interestingly, immediately when I cancelled it [envoy trip to Pakistan], within 10 minutes we got a new paper that was much better.”
“We talked about they will not have a nuclear weapon, very simple … They offered a lot, but not enough,” he added.
When asked whether he would continue the ceasefire, Trump replied, “I haven’t even thought about it.”
The remarks come as uncertainty remains over the future of the temporary truce and broader negotiations between Washington and Tehran.
