Take the pledge to vote

For a better tommorow#AajSawaroApnaKal
  • I agree to receive emails from News18

  • I promise to vote in this year's elections no matter what the odds are.
  • Please check above checkbox.

    SUBMIT

Thank you for
taking the pledge

Vote responsibly as each vote counts
and makes a diffrence

Disclaimer:

Issued in public interest by HDFC Life. HDFC Life Insurance Company Limited (Formerly HDFC Standard Life Insurance Company Limited) (“HDFC Life”). CIN: L65110MH2000PLC128245, IRDAI Reg. No. 101 . The name/letters "HDFC" in the name/logo of the company belongs to Housing Development Finance Corporation Limited ("HDFC Limited") and is used by HDFC Life under an agreement entered into with HDFC Limited. ARN EU/04/19/13618
»
1-min read

Kerala Engineer Spots Bug That Made 400 Million Microsoft Accounts Easy to Hack, Wins Reward

Sahad Nk identified a string of bugs when chained together created the perfect attack to gain access to someone's Microsoft account, simply by tricking a user into clicking a link

IANS

Updated:December 12, 2018, 12:32 PM IST
facebookTwitterskypewhatsapp
Kerala Engineer Spots Bug That Made 400 Million Microsoft Accounts Easy to Hack, Wins Reward
Sahad Nk identified a string of bugs when chained together created the perfect attack to gain access to someone's Microsoft account, simply by tricking a user into clicking a link
Loading...

A Kerala-based application security engineer has won bug bounty from Microsoft for discovering a series of vulnerabilities that left over 400 million Microsoft users' accounts, from Office 365 to Outlook emails, open to hacking.

Sahad NK, who works as a security researcher with cybersecurity portal Safetydetective.com, came across multiple vulnerabilities that, when chained together, allow an attacker to take over any Microsoft Outlook, Microsoft Store, or Microsoft Sway account simply via the victim clicking on a link.

"Immediately after finding these vulnerabilities, we contacted Microsoft via their responsible disclosure programme and started working with them," said Safetydetective on Tuesday. The vulnerabilities were reported to Microsoft in June and fixed by November end.

"While the vulnerability proof of concept was only made for Microsoft Outlook and Microsoft Sway, we expect it to affect all Microsoft accounts including Microsoft Store," said Sahad. Sahad discovered that a Microsoft subdomain, "success.office.com", had not been properly configured. He also found bug in Microsoft Office, Store and Sway products. A string of bugs when chained together created the perfect attack to gain access to someone's Microsoft account -- simply by tricking a user into clicking a link.

"Anyone's Office account, even enterprise and corporate accounts, including their email, documents and other files, could have been easily accessed by a malicious attacker, and it would have been near-impossible to discern from a legitimate user," said TechCrunch. Sahad, with the help of fellow security researcher Paulos Yibelo, reported the bug to Microsoft, which fixed the vulnerability and gave an unspecified amount as bug bounty to Sahad.

Several tech companies offer bug bounty incentives. Sahad also received bug bounty from Facebook last year for discovering a bug in the social networking platform.

Read full article
Loading...
Next Story
Next Story

Also Watch

facebookTwitterskypewhatsapp

Live TV

Loading...
Countdown To Elections Results
To Assembly Elections 2018 Results