Kerala Techie Spots Bug That Made Over 400 Million Microsoft Emails Easy To Hack
NEW DELHI, Dec 12: A Kerala-based application security engineer has won bug bounty from Microsoft for discovering a series of vulnerabilities that left over 400 million Microsoft users' accounts -- from Office 365 to Outlook emails -- open to hacking.
Sahad NK, who works as a security researcher with cyber security portal Safetydetective.com, came across multiple vulnerabilities that, when chained together, allow an attacker to take over any Microsoft Outlook, Microsoft Store, or Microsoft Sway account simply via the victim clicking on a link.
"Immediately after finding these vulnerabilities, we contacted Microsoft via their responsible disclosure programme and started working with them," said Safety Detective on Tuesday.
The vulnerabilities were reported to Microsoft in June and fixed by November end.
"While the vulnerability proof of concept was only made for Microsoft Outlook and Microsoft Sway, we expect it to affect all Microsoft accounts including Microsoft Store," said Sahad.
Sahad discovered that a Microsoft subdomain, "success.office.com", had not been properly configured. He also found bug in Microsoft Office, Store and Sway products.
A string of bugs when chained together created the perfect attack to gain access to someone's Microsoft account -- simply by tricking a user into clicking a link.
"Anyone's Office account, even enterprise and corporate accounts, including their email, documents and other files, could have been easily accessed by a malicious attacker, and it would have been near-impossible to discern from a legitimate user," said TechCrunch.
Sahad, with the help of fellow security researcher Paulos Yibelo, reported the bug to Microsoft, which fixed the vulnerability and gave an unspecified amount as bug bounty to Sahad.
Several tech companies offer bug bounty incentives. Sahad also received bug bounty from Facebook last year for discovering a bug in the social networking platform.
Courtesy: www.ndtv.com
Let the Truth be known. If you read VB and like VB, please be a VB Supporter and Help us deliver the Truth to one and all.
Women ought to have been given more seats by Congress in Assembly polls: Satheesan
Kochi (PTI): Congress leader V D Satheesan on Saturday agreed that women ought to have been given more seats in the upcoming Assembly polls.
The Leader of Opposition (LoP) in the Kerala Assembly said that the party wanted to give more seats to women in the Assembly polls.
"We wanted to give more seats. Even I am not satisfied with that issue. It (seats given) was not enough," he told reporters at Paravoor here.
His response comes a day after Congress national spokesperson Shama Mohamed expressed dissatisfaction over the low representation of women in the party's candidate list for the upcoming Assembly elections on April 9.
Regarding queries related to the UDF support for former CPI(M) leader G Sudhakaran, the opposition leader said that he has a lot of respect for the Marxist veteran who was a "fair minister" when he was in government.
ALSO READ: Air India, IndiGo, SpiceJet oppose govt's 60 pc free seat selection decision
"He (Sudhakaran) does not lie. He was a fair minister. He distributed funds to all MLAs equally. I still respect him. He took a stand, and after that, we politically backed him," Satheesan said.
He also said that he was greatly indebted to former MLA and Congress Joseph Vazhakan, who had brought him back to the political mainstream.
"So, I am greatly indebted to him. He loved me like a brother. I am sad that even in my current position, I could not ensure a seat for him," he said.
Vazhakan had on Friday expressed his disappointment over being denied a seat at the last moment, as he had printed election posters and banners in preparation to contest in the polls.
He, however, had said that he would remain committed to the party despite the setback.
Vazhakan had said that his name had been under consideration for the Ettumannur constituency, but the Congress on Thursday decided to field DCC president Nattakom Suresh from the seat.
Satheesan, while speaking to reporters, also said that there was nothing wrong with posters being put up in the name of any Congress leader.
"We have no problems with that as the team Congress is united. The CM candidate has already been decided. It's CPI(M) narrative that there are problems in the Congress, there are no issues in the party," he said in response to reporters' queries about posters of K C Venugopal being put up in many places of the state.
