Friday, January 22, 2016

50 million were stolen from one of the main airline suppliers

We are increasingly afraid of flying, and the cause isn't our traumas but the high level of insecurity in everything that has to do with planes and airlines. Today we learned that computer attackers stole 50 million from a supplier to Boeing and other airlines. We will tell you about it, as well as about the patch that cost Apple 3 years of work, back doors in military equipment, and a manual for creating your own bug bounty program.


According to the Ponemon Institute, the average amount of money stolen in computer attacks is 3.8 million dollars. Well, 50 million euros, nearly 55 million dollars, have been stolen from FACC, a manufacturer of aircraft materials. The Austrian company, which has customers like Boeing and Airbus and whose main stockholder is a Chinese corporation, says that, surprisingly, the attackers stole neither data nor intellectual property: only money.

Patch for iOS

We go from one surprise to another: it took Apple 3 years to fix a bug in iOS, for which the patch was issued yesterday. The so-called shared cookies bug affects people who connect their devices to public Wi-Fi networks that offer a captive portal, as in airports and hotels. These portals usually show a small window for entering credentials, and that is where the vulnerability starts, since that window is able to share cookies with Safari. Read it, read it.

Backdoor in the army

The surprises don't end here, because today we discovered that the main advocates of introducing back doors into our computer devices have had a dose of their own medicine: a supplier of communication and control equipment to the US Army, the White House and other security organizations sold them devices with a back door included, which SEC_Consult has now discovered.

The How-to of bug bounties

We finish with a document, in this case a PDF, to read quietly over the weekend: the questionnaire created by platforms that offer rewards to those who find computer flaws (bug bounties), so that organizations wanting to join this initiative can learn which scales to use to calculate how critical a flaw is and how much is paid for it.

That is how we finish our weekly summaries, but the computer security news doesn't stop. Today and tomorrow Sh3llcon.es takes place in Santander (Spain). And on Sunday we will publish a new interview, this time with the owner of Internet Security Auditors, Vicente Aguilera.

