Announcement

Total 11 articles, created at 2016-07-25 00:00

1 Uber Pays Security Researcher $10K for Critical Flaw
We learn why it's a good thing an outside researcher found a flaw that could have left Uber users at risk and why third-party bug bounty programs are necessary.
2016-07-24 22:54 4KB www.eweek.com

2 Facebook Aquila Completes Successful Test Flight
Facebook Aquila is a solar-powered unmanned aircraft designed to stay aloft for 90 days and deliver the Internet to a 60-mile radius.
2016-07-24 22:54 3KB www.eweek.com

3 How Unity is preparing for the mobile VR revolution
Now supported on 24 platforms, the game engine is virtually everywhere
2016-07-24 16:15 4KB feedproxy.google.com

4 Remake of Suda51 mystery The Silver Case gets first trailer
The original PlayStation game never made it out of Japan.
2016-07-24 16:00 1KB www.pcgamer.com

5 Five new Steam games you probably missed this week
Steam has a whole lot of games, so we decided to highlight a few under-the-radar new releases each week.
2016-07-24 15:00 3KB www.pcgamer.com

6 Marvel: Ultimate Alliance remasters hitting PC this Tuesday
With UI and visual improvements.
2016-07-24 14:00 1KB www.pcgamer.com

7 8 things you need to know when buying a Chinese smartphone
A whole new world
2016-07-24 14:00 6KB feedproxy.google.com

8 Cyanogen reportedly cuts jobs, may shift its focus toward apps
Sources tell Android Police that the company may ditch its Android variant and instead focus on apps following a round of layoffs.
2016-07-24 12:07 1KB www.greenbot.com

9 10 Agile Tips From Pokemon Go Coach Training
Pokemon Go players want to improve and become better trainers. The same tips that help you catch more Pokemon can help you become a better scrum master. We caught 10 of those pointers that can be applied to leading an agile team developing enterprise software.
2016-07-24 12:06 2KB www.informationweek.com

10 Watson Offers Macy's AI Help, Workday Acquisition: Big Data Roundup
Watson's AI will help you find shoes at Macy's, Workday buys big data analytics company, Google releases machine learning APIs, and more in our Big Data Roundup for the week ending July 24.
2016-07-24 11:05 4KB www.informationweek.com

11 51% off Inflatable Lounge Bag Hammock Air Sofa and Pool Float - Deal Alert
This innovative lounge requires no external pump and is the perfect substitute for folding chairs, bean bags, hammocks, picnic blankets and pool floats. Simply unfold, scoop air into it and roll and buckle.
2016-07-24 11:00 1KB www.computerworld.com

Articles

Total 11 articles, created at 2016-07-25 00:00

1 Uber Pays Security Researcher $10K for Critical Flaw

NEWS ANALYSIS: Although Uber is a tech company, it didn't discover the flaw on its own but rather by way of a researcher participating in a bug bounty program.

Love it or hate it, Uber has helped transform many people's lives and the way they travel in urban areas. At its core, Uber is not a taxi company; it's a technology service, and one of its primary assets is user information. Uber recently closed a high-impact flaw in its platform that could potentially have put user information at risk. Although the vulnerability is interesting, so too is the means and method by which it was discovered in the first place.

Although Uber is a technology company, it didn't discover the flaw on its own, but rather by way of a third-party researcher, participating in a bug bounty program.

"Through the endpoint at /rt/users/passwordless-signup it is possible to change the password of any Uber user, given knowledge of their phone number (or by just enumerating phone numbers until one is found that is registered with Uber—not too hard given the number of Uber users)," the HackerOne bug report 143717 details show.

Uber officially launched its bug bounty program as a public effort in March.
The bug bounty program is run on the HackerOne platform, with the promise of a payout of up to $10,000 for critical issues. As it turns out, bug report 143717 is a very critical issue.

The issue was first reported to Uber on June 8 by a security researcher identified only by the alias "Mongo." Uber responded to Mongo's report the same day and made nearly immediate changes to fix the identified issue. On June 28, Uber rewarded Mongo with a $10,000 bug bounty for responsibly disclosing the 143717 issue. The threat addressed in the 143717 issue, however, didn't become public until July 14.

This was a critical issue, and it looks like the flaw could have had significant impact on Uber's business and its clients. Uber itself (and again Uber is a software company) did not find this issue on its own, despite its significant engineering and security resources.

Remember, Uber is where security researchers Charlie Miller and Chris Valasek now work. Miller and Valasek are the two researchers responsible for hacking a Jeep in 2015 that led to the recall of 1.4 million vehicles. So even a company like Uber, which employs two of the most well-known security researchers on Earth, did not find a critical vulnerability in its software on its own.

"Uber runs an incredible competitive and transparent bug bounty program on HackerOne," Michiel Prins, co-founder, HackerOne, told eWEEK. "The security team at Uber utilizes a public bug bounty treasure map to guide hackers looking for vulnerabilities and they embrace public disclosure to help the security community at large."

When a more severe vulnerability is reported by a hacker and resolved by any security team, this is proof of the success and value of bug bounty programs, Prins added.

The fact that Uber didn't find the flaw on its own is not necessarily a bad thing, but rather speaks to the incredible value and need for bug bounty programs.
Simply put, there are almost always going to be more skilled security people outside a company than inside. By tapping into the broader security researcher community, any company, be it a software vendor or the U.S. Department of Defense, can get different viewpoints, and identify potentially previously unknown vulnerabilities.

As for Uber security researchers Miller and Valasek, they too can potentially benefit from bug bounty programs. Fiat Chrysler America (FCA) recently launched its own bug bounty program on the Bugcrowd platform. In an interview with eWEEK at the time, Casey Ellis, CEO and founder of Bugcrowd, said that with the program, researchers like Miller and Valasek now have a platform to communicate flaws to FCA.

The bottom line is that security researchers, wherever they might be, and for whomever they work, can and should be free to help improve security without being limited to their place of employment, and that's a promise that bug bounty platforms help enable.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

2016-07-24 22:54 Sean Michael www.eweek.com

2 Facebook Aquila Completes Successful Test Flight

Facebook Aquila, an unmanned aircraft designed to stay aloft for 90 days and deliver the Internet to a 60-mile radius, completed its first successful flight.

What has the wingspan of an airliner and can fly on the power of roughly three hair dryers? The answer: Facebook's Aquila, a solar-powered, unmanned aircraft that will beam the Internet to remote parts of the world.

On June 28, Aquila took its first flight, sitting on a type of trailer bed being pulled by a truck and finally disconnecting and elegantly lifting over a runway cutting through the vast, scraggly desert of Yuma, Ariz.

"After two years of development, it was emotional to see Aquila actually get off the ground," CEO Mark Zuckerberg shared on Facebook July 21.

"But as big as this milestone is," he continued, "we still have a lot of work to do. Eventually, our goal is to have a fleet of Aquilas flying together at 60,000 feet, communicating with each other with lasers and staying aloft for months at a time—something that's never been done before."

To accomplish that, Zuckerberg explained, Facebook's engineering team will need to address some challenges. These include reducing Aquila's weight (which is currently around 1,000 pounds); reducing the amount of energy required to keep Aquila cruising; reducing the load, which is largely made up of high-energy batteries; and improving Aquila's ability to transfer data.

Goals for Aquila include enabling it to stay in the air for 90 consecutive days, serve Internet connectivity to a 60-mile diameter and transfer data more than 10 times faster than existing systems, using beams to "hit a dime more than 11 miles away while in motion," Zuckerberg wrote.

In a separate test, Facebook engineers shared that the flight test, while planned for 30 minutes, lasted 96 minutes, while the team collected valuable data on aspects of the craft's performance, including its radios, aerodynamic handling, batteries, motors and structural viability.

That first test was powered only by batteries and used 2,000 watts (the "three hair dryers" estimate is 5,000 watts); but the plan is eventually to include solar cells. Aquila will need to collect enough energy during daylight hours to stay aloft overnight—an act that, flying at a nighttime altitude of 60,000 feet, is expected to require those 5,000 watts.
