Bug Bounty Program

by ronfluegge 6. September 2016 16:41

A bug bounty program, also called a vulnerability rewards program (VRP), is a crowdsourcing initiative that rewards individuals for discovering and reporting software bugs. Bug bounty programs are often initiated to supplement internal code audits and penetration tests as part of an organization's vulnerability management strategy.

Many software vendors and websites run bug bounty programs, paying out cash rewards to software security researchers and white hat hackers who report software vulnerabilities that have the potential to be exploited. Bug reports must document enough information for the organization offering the bounty to be able to reproduce the vulnerability. Typically, payment amounts are commensurate with the size of the organization, the difficulty of compromising the system and how much impact on users a bug might have.

Mozilla paid out a $3,000 flat rate bounty for bugs that fit its criteria, while Facebook has given out as much as $20,000 for a single bug report. Google paid Chrome operating system bug reporters a combined $700,000 in 2012 and Microsoft paid UK researcher James Forshaw $100,000 for an attack vulnerability in Windows 8.1. In 2016, Apple announced rewards that max out at $200,000 for a flaw in the iOS secure boot firmware components and up to $50,000 for execution of arbitrary code with kernel privileges or unauthorized iCloud access.

While the use of ethical hackers to find bugs can be very effective, such programs can also be controversial. To limit potential risk, some organizations offer closed bug bounty programs that require an invitation. Apple, for example, has limited bug bounty participation to a few dozen researchers.

Copyright 2016 TechTarget

Tags:

General

The Threat to America’s Electrical Grid Is Much Bigger Than You Can Possibly Imagine

by ronfluegge 1. August 2016 13:00

"Greetings from the front. The cyberwar continues. Our operatives continue to hit infrastructure targets around the globe. In June alone we conducted 44 ops, hitting targets in 26 U.S. states and six countries total. Each operation impacted as many as 15,000 people and lasted for up to four and a half hours. Of course that’s just our unclassified operations; the actual number of power outages our operatives have caused is 10 times that number.

"As we continue to wreak havoc on your electric infrastructure, your policymakers and cyberwar hawks are rattling sabers, worried about online attacks from nation-states, completely ignoring the threats that successfully target your power grid every day. The Washington Post, Forbes, USA Today, and even the esteemed Ted Koppel talk about “cybergeddon,” trillion-dollar risks, and when — not if — a massive cyberattack on the U.S. electric power grid will occur. Even President Obama is worried. In the meantime, we quietly go about our work, disrupting power generation and transmission across the globe.

"To date there has been exactly one, just one, power outage that can be attributed to some sort of cyberattack by a nation-state. Last December, someone (many people say directed by the Russian government, but there really isn’t enough evidence to support that accusation) hit up to six different power companies in Ukraine with a coordinated malware and DDoS attack. This definitely wasn’t a random lone hacker in a basement; this took months of planning and coordinated effort. It sounds scary but the outages only lasted a few hours and affected around 80,000 residences. We have caused far bigger and longer outages all by ourselves."

To read further, go to https://foreignpolicy.com/2016/07/31/the-threat-to-americas-electrical-grid-is-much-bigger-than-you-can-possibly-imagine-cyberwar-squirrels-rodents-hackers/

Tags:

General

RESTful API

by ronfluegge 12. July 2016 15:17

A RESTful API is an application program interface (API) that uses HTTP requests to GET, PUT, POST and DELETE data.

Representational state transfer (REST), which is used by browsers, can be thought of as the language of the Internet. Now that cloud usage is on the rise, various application programming interfaces (APIs) are emerging to expose Web services and REST is a logical choice for building APIs that allow end users to connect and interact with cloud services. RESTful APIs are used by many sites, including Google, Amazon, Twitter and LinkedIn.

A RESTful API breaks down a transaction to create a series of small modules, each of which addresses a particular underlying part of the transaction. This modularity provides developers with a lot of flexibility but can also be challenging for developers to design from scratch. Currently, the models provided by Amazon Simple Storage Service (S3), OpenStack Swift and Cloud Data Management Interface (CDMI) are most popular.

RESTful APIs explicitly take advantage of the HTTP methods defined in RFC 2616 (HTTP/1.1). They simply use "PUT" to change the state of or update a resource, which can be an object, file or block; "GET" to retrieve a resource; "POST" to create that resource; and "DELETE" to remove it.

The current GADS OS software has been updated to support General Electric's Operational Excellence program data requirements and uploads, which use the GE RESTful APIs.
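As an added illustration of the method semantics described above (example code, not part of the original post, the GADS OS software or GE's APIs), the following in-memory handler applies GET, PUT, POST and DELETE to resources keyed by path and shows which methods are idempotent. The `ResourceStore` class, the `/units` paths and the sample records are constructed for this example.

```python
# Added example: minimal in-memory resource handler showing the RFC 2616
# method semantics. Class, paths and records are hypothetical.

class ResourceStore:
    """Holds resources keyed by path, e.g. '/units/1', and applies the four methods."""

    def __init__(self):
        self._items = {}
        self._next_id = 1

    def handle(self, method, path, body=None):
        """Dispatch one request; returns (status_code, response_body_or_None)."""
        if method == "GET":
            # Safe method: never changes server state.
            item = self._items.get(path)
            return (200, item) if item is not None else (404, None)
        if method == "PUT":
            # Idempotent: repeating the same PUT leaves the same state.
            created = path not in self._items
            self._items[path] = body
            return (201 if created else 200, body)
        if method == "POST":
            # Not idempotent: each POST to a collection creates a new resource.
            new_path = f"{path.rstrip('/')}/{self._next_id}"
            self._next_id += 1
            self._items[new_path] = body
            return (201, {"location": new_path})
        if method == "DELETE":
            # Idempotent: deleting twice ends in the same (absent) state.
            existed = self._items.pop(path, None) is not None
            return (204 if existed else 404, None)
        # Unknown or unsupported verbs are rejected rather than silently accepted.
        return (405, None)


def demo():
    """Constructed walk-through: POST to create, PUT twice, GET, DELETE twice, bad verb."""
    store = ResourceStore()
    status_post, resp = store.handle("POST", "/units", {"name": "Unit 1", "mw": 500})
    location = resp["location"]
    status_put1, _ = store.handle("PUT", location, {"name": "Unit 1", "mw": 520})
    status_put2, _ = store.handle("PUT", location, {"name": "Unit 1", "mw": 520})
    status_get, body = store.handle("GET", location)
    status_del1, _ = store.handle("DELETE", location)
    status_del2, _ = store.handle("DELETE", location)
    status_bad, _ = store.handle("TRACE", location)
    return (status_post, location, status_put1, status_put2, status_get, body,
            status_del1, status_del2, status_bad)
```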

