This week, HackerOne announced that one of its employees was caught stealing reports submitted by users and publishing them online for personal gain. The company announced that the employee was terminated after the investigation and that it has contacted the affected users. Also, the FBI and MI5 have issued a joint statement warning companies about possible Chinese-sponsored spying activities. Also this week, AlmaLinux made it into the TOP500 supercomputers list.
HackerOne employee caught publishing stolen vulnerability reports anonymously
HackerOne announced that one of its employees was caught stealing vulnerability reports from the bug bounty platform and publishing them. The company was alerted by a customer, who asked it to investigate a suspicious vulnerability disclosure made outside the platform. The investigation revealed that a then-employee had improperly accessed security reports for personal gain. The employee was terminated and HackerOne bolstered its defenses to prevent similar incidents.
Software Freedom Conservancy boycotts GitHub
The Software Freedom Conservancy has urged developers to move away from GitHub because of its new Copilot AI. The nonprofit organization has declared that it has given up GitHub over its decision to include Copilot in subscription plans. According to the SFC, Copilot is trained on code hosted on GitHub in order to help developers by automatically filling in the remaining code. The organization states that Copilot is a paid product that derives its value from the open-source projects hosted on GitHub. It also says that it tried to communicate its concerns about the program and that GitHub refused to respond.
FBI and MI5 issued a joint warning on Chinese spying
The FBI and MI5 have issued a joint statement warning western technology companies to be cautious about possible Chinese-sponsored spying activities. The organizations claimed that China is looking for ways to protect its economy against potential sanctions. The FBI and its British counterpart MI5 also stated jointly that China poses the biggest long-term threat to both the U.S. and the U.K. They warned of potential tactics used by Chinese officials to steal valuable information from technology companies. A Chinese embassy spokesperson in Washington condemned the accusations and described them as completely groundless.
AlmaLinux ranked in TOP500 supercomputers list
The AlmaLinux OS Foundation now has four supercomputing sites in the TOP500 List which are deployed on AlmaLinux. The open-source, community-governed, and forever-free enterprise Linux distribution focuses on long-term stability and on delivering a robust production-grade platform. The AlmaLinux installations are listed in the June 2022 edition of the TOP500 List, the well-known ranking that benchmarks supercomputing systems. AlmaLinux is installed on clusters built by MEGWARE, one of Europe’s leading supercomputing specialists, which develops and installs high-performance computing systems and Linux clusters.
US Department of Defense launches Hack U.S. bug bounty program
The US Department of Defense is inviting hackers to help strengthen its security systems by offering financial rewards. The bug bounty program aims to encourage security researchers and ethical hackers to identify vulnerabilities in publicly accessible Department of Defense (DoD) information systems, including websites. The program is being held between July 4th and July 11th. The DoD has allocated a total budget of $110,000. The rewards are $1,000 for critical severity reports, $500 for high severity reports, and $3,000 for vulnerabilities that fall under special categories.
Pen-tester breaks into a data center using “piss corridor”
Penetration tester Andrew Tierney shared an anecdote about how he was able to break into a data center through a corridor behind the toilets. When Tierney examined the floor plans of the building, he noticed a corridor running along the back of the toilets, which he refers to as the “piss corridor”. In a toilet, he found a door to the corridor, which he could easily open, and he walked along the corridor. When he reached the toilets on the secure side of the facility, he left the corridor, which allowed him to bypass the cylinder mantrap gates.
Oracle Linux 9 released
Oracle announced the general availability of Oracle Linux 9 with Unbreakable Enterprise Kernel Release 7. The latest version of Oracle Linux, which is designed for application development and deployment, provides performance and security enhancements. Unbreakable Enterprise Kernel Release 7 is based on the LTS Linux kernel 5.15 and supports the latest hardware. OpenSSL 3.0 in Oracle Linux 9 also comes with various enhancements for developers and users. The new FIPS module prevents the use of non-FIPS algorithms, and the FIPS flag can be set in the kernel without the need to switch OpenSSL to FIPS mode.