Grand Island Independent: UNL’s annual BugFest event goes virtual this year. “The online event is designed to create a comfortable space for families and friends to learn about insects and science through family-oriented activities. Attendees can learn about bee biology, learn how to draw insects, view Nebraska insects, see insects with a blacklight and participate in at-home, hands-on activities. All activities and videos were created by entomology students, faculty and staff.”
ComputerWorld: MS fixes ‘external database’ bug with patches that have even more bugs. “Yesterday, in an odd Patch Thursday, Microsoft released five patches for the ‘Unexpected error from external database driver’ bug. But the cure’s worse than the disease. If you installed one, yank it now — and expect Microsoft to pull the patches soon.”
Digital Trends: Meet The Bug Bounty Hunters Making Cash By Finding Flaws Before Bad Guys. “Many security researchers make a living with security companies, but not everyone likes the rigidity of a corporate environment. Some work on a freelance basis. Like vigilante outlaws, they dig up bugs and exploits in some of the world’s most popular platforms, hoping to gain a reward for their efforts. Offering a bug bounty is one of the best ways for software companies to find problems with their applications and services before they can be exploited. Offering a reward means those who find a flaw may opt to cash in, instead of selling it to those who would use it for nefarious purposes.”
The Register: All ready for that Easter holiday? Here’s a mild MySQL security bug. “A programming blunder has been uncovered in Oracle’s MySQL that can potentially leak usernames and passwords to man-in-the-middle eavesdroppers. Known as ‘The Riddle,’ the flaw potentially allows a miscreant to intercept and obtain login credentials sent from MySQL clients 5.5 and 5.6 to servers. Apparently, a fix introduced in versions 5.5.49 and 5.6.30 isn’t enough to fully address the design flaw. Versions 5.7 and later, as well as MariaDB systems, are not vulnerable.”
Hey! Apple is starting a bug bounty program. “Earlier this year, Apple faced criticism over its lack of a bug bounty program when the FBI paid an unknown entity more than $1 million for help breaking into an iPhone used by one of the San Bernardino, Calif., shooters. Without a bug bounty program, some argued, the only way researchers could make money from finding bugs in Apple products was by selling them off to the highest bidder — in this case, the FBI.”
The latest company to launch a bug bounty is Kaspersky Labs. “The bounty [began yesterday] on the HackerOne platform, and the first phase will run for six months. The company said that during the first phase, $50,000 would be available for rewards to researchers finding vulnerabilities in the vendor’s flagship consumer and business products, Kaspersky Internet Security and Kaspersky Endpoint Security respectively. In scope will be local privilege escalation, unauthorized access of user data, and remote code execution flaws in each product.”
The latest company to start a bug bounty program makes cars (PRESS RELEASE). “Reflecting the rapidly increasing convergence of connectivity technology and the automotive industry, FCA US LLC today announced the launch of a public bug bounty program on the Bugcrowd platform to enhance the safety and security of its consumers, their vehicles and connected services.” “FCA US” not ringing any bells? It used to be The Chrysler Group.