Kerala Techie Spots Bug That Made Over 400 Million Microsoft Emails Easy To Hack
NEW DELHI, Dec 12: A Kerala-based application security engineer has won bug bounty from Microsoft for discovering a series of vulnerabilities that left over 400 million Microsoft users' accounts -- from Office 365 to Outlook emails -- open to hacking.
Sahad NK, who works as a security researcher with cyber security portal Safetydetective.com, came across multiple vulnerabilities that, when chained together, allow an attacker to take over any Microsoft Outlook, Microsoft Store, or Microsoft Sway account simply via the victim clicking on a link.
"Immediately after finding these vulnerabilities, we contacted Microsoft via their responsible disclosure programme and started working with them," said Safety Detective on Tuesday.
The vulnerabilities were reported to Microsoft in June and fixed by November end.
"While the vulnerability proof of concept was only made for Microsoft Outlook and Microsoft Sway, we expect it to affect all Microsoft accounts including Microsoft Store," said Sahad.
Sahad discovered that a Microsoft subdomain, "success.office.com", had not been properly configured. He also found bug in Microsoft Office, Store and Sway products.
A string of bugs when chained together created the perfect attack to gain access to someone's Microsoft account -- simply by tricking a user into clicking a link.
"Anyone's Office account, even enterprise and corporate accounts, including their email, documents and other files, could have been easily accessed by a malicious attacker, and it would have been near-impossible to discern from a legitimate user," said TechCrunch.
Sahad, with the help of fellow security researcher Paulos Yibelo, reported the bug to Microsoft, which fixed the vulnerability and gave an unspecified amount as bug bounty to Sahad.
Several tech companies offer bug bounty incentives. Sahad also received bug bounty from Facebook last year for discovering a bug in the social networking platform.
Courtesy: www.ndtv.com
Let the Truth be known. If you read VB and like VB, please be a VB Supporter and Help us deliver the Truth to one and all.
44 peacocks die of H5N1 in Karnataka’s Tumakuru; minister orders precautions
Bengaluru (PTI): After 44 peacocks died of the H5N1 virus in Tumakuru district, Karnataka Minister Eshwar Khandre on Saturday directed officials to implement strict precautionary measures to prevent its spread across forest areas, including zoos and bird sanctuaries.
The directive comes after laboratory reports from the ICAR–National Institute of High Security Animal Diseases in Bhopal recently confirmed H5N1 avian influenza as the cause of the deaths.
According to the state forest minister, the peacocks died between April 16 and 21 in and around Bommanahalli and Kolihalli villages in Urdigere hobli, and Bairasandra and Hullenahalli villages in Gulur hobli of Tumakuru district.
“In this context, instructions have been issued in line with the revised H5N1 Action Plan of the Central Government to prevent the spread of infection across all forest areas, including zoos, bird sanctuaries, Magadi Lake, and the community reserve at Kokkare Bellur,” Khandre said in a note addressed to the principal chief conservator of forests (wildlife) and chief wildlife warden.
He also directed that any deaths of birds, whether migratory or local, must be reported immediately, and that samples from carcasses should be collected and sent for testing.
If required, a nodal officer may be appointed to monitor the situation across the state, he added.
Authorities have established an infected zone within a 0–3 km radius and a surveillance zone extending from 3 to 10 km.
According to the Health Department, surveillance for fever, Influenza-Like Illness (ILI), and Severe Acute Respiratory Infection (SARI) will be carried out over the next 10 days, covering a population of 20,432 across 38 villages.
In light of the situation, the department has advised the public to follow precautionary measures to minimise the risk of infection by avoiding contact with sick or dead birds and maintaining hand hygiene by washing hands frequently with soap and water.
It has also suggested the use of personal protective equipment (PPE) while handling birds or their droppings, and advised ensuring that poultry and eggs are thoroughly cooked (above 80 degrees celcius) before consumption.
The health department has also recommended avoiding close contact with individuals exhibiting symptoms of respiratory illness.
The department said it is closely monitoring the situation and has put necessary precautionary measures in place.
The public has been advised to remain vigilant and report any unusual bird deaths or symptoms promptly, officials added.
Avian influenza (H5N1) is a subtype of the influenza virus that infects birds and mammals, including humans in rare instances, according to the World Health Organisation. Human cases reported so far have been mostly linked to close contact with infected birds or other animals, or with contaminated environments.
