Your daily round-up of some of the other stories in the news
Twitter pays bug bounty and patches flaw
Twitter has patched a vulnerability that allowed an attacker to pose as another user and post as if from their account. The flaw, according to Motherboard, was in Twitter’s Ad Studio, which allowed advertisers to upload media.
An attacker could target another Twitter user first by sharing media with them and then modifying the post request with the victim’s account ID.
The researcher was awarded a bug bounty of $7,500 – but a former Twitter exec, Charlie Miller, tweeted that he was “not shocked” that this vulnerability was in code from the ads team.
Redmond creates Chinese version of Windows 10
Chinese government officials are getting a custom version of Windows 10 built by Microsoft for Beijing, the Redmond software giant said earlier this week.
A blog post from Terry Myerson of Microsoft’s Windows and Devices group was a bit sparse on details of what tweaks Redmond has made for the Chinese government.
Myerson said that as a result of “earnestly co-operating” with Beijing, they had built the “China Government Edition [that] will use these manageability features to remove features that are not needed by Chinese government employees like OneDrive, to manage all telemetry and updates and to enable the government to use its own encryption algorithms within its computer systems”.
Big technology companies have struggled with China’s heavy-handed approach to their products: many platforms such as Facebook and Google are banned in China, while China has demanded to see the source code of products. Microsoft had joined big tech hitters including Intel in declining to share their code, but it seems now that Redmond and Beijing have come to an agreement.
Password manager creates ‘travel mode’
We’re fans of password managers here at Naked Security, and we’ve also been covering the ongoing issues of travellers being asked to hand over their phones and passwords to immigration officials, so we’re pleased to see that one app has come up with a way to protect your sensitive passwords from prying eyes at a border.
1Password has come up with what it’s calling Travel Mode: before you leave home, you add the passwords you might not mind sharing want access to into a “safe for travel” vault in the app, then turn on travel mode. At that point, all your other passwords are removed from the device.
Then, when you’re safely over the border and customs officials have finished with your phone, you turn off travel mode and all your more sensitive passwords are restored to the device.
It’s not foolproof – a smart customs official could ask you to disable travel mode – but it could help you keep sensitive passwords safe while you travel.