Security Alerts & News
by Tymoteusz A. Góral

#808 Instagram patches brute-force authentication flaws
Facebook on Thursday patched a pair of vulnerabilities that enabled brute-force attacks against Instagram passwords, and also hardened its password policy.

Researcher Arne Swinnen privately disclosed the flaws in December and in February respectively. One bug was patched in February, while the other went through two rounds of fixes before the issue was resolved on May 10. Swinnen received a combined $5,000 bounty.

The severity of the vulnerabilities was exacerbated by Instagram’s weak password policies and its practice of enumerating user IDs incrementally, which put accounts in jeopardy with minimal effort, Swinnen said.

“This could have allowed an attacker to compromise many accounts without any user interaction, including high-profile ones,” Swinnen wrote in a report describing details of both vulnerabilities.