Tag: bug

Google Stored Passwords In An Unsecured Manner For 14 Years On G Suite

A Google Blog post disclosed a bug in the company’s G Suite platform that had caused a small portion of the user base to have their secure passwords being saved in a plain text format. The American tech giant reports that the bug has been in the system for the past fourteen years unchecked, although it claims that the bug has not been abused till now and that their investigation into the matter yielded no evidence that pointed towards unwarranted access. Google has reset any of the passwords that may have been affected by the bug. G Suite is the business/corporate version of Google’s Gmail and other Google related applications. Reportedly the bug was born out of a feature that was made specifically for companies, namely the Administrators to reset any user passwords or accounts for newly recruited employees. This process had the Admin console store the passwords in plain text instead of being encrypted. Google has since removed this function for Administrators.

Google thereon reassures how the unencrypted passwords were stored safely in the company’s own servers rather on the internet which is objectively easier to mediate. Google painstakingly explained the subtlety of cryptographic hashing to clear out all doubts surrounding the bug. Furthermore, all unchanged passwords will be reset automatically.

Google has a relatively good track record of detecting bugs and glitches in their system, but this bug points a finger towards a myriad of tech giants and social media companies as well such as Facebook which had also previously saved several hundreds of millions of passwords in plain text. It was accessible to its employees. Similarly, Twitter had also asked its entire user base to reset their passwords due to concerns regarding private data account access.

Also Read: Valve Releases Steam Chat Application For iOS And Android Platforms

Along with the report of the bug and other technical jargon to it, Google also issued an official apology for this oversight and assured their users of their “industry leading” practices and control over the situation. Google concluded by explicitly stating the fact that the aforementioned bug went unchecked for 14 years was rather disconcerting to the company and equally disturbing for its users.

May 22, 2019
Facebook Fixes Glitch That Exposed Users’ Passwords To Employees

Facebook’s indiscretions regarding their users’ security policies have been quite frequent over the last few months, a fresh serious loophole has been detected in the social media platform. As per the sources, the American organization admitted to a bug that apparently exposed all user passwords to the employees of the company. And on top of that, all the passwords were stored in plaintext, not in an encoded manner. Reportedly, the passwords date back to 2012.

About The Encryption

Organizations usually encode user passwords with a process called hashing, which includes the transformation of a string of characters into a usually shorter fixed-length value or key that represents the original string. Doing so encrypts the passwords and only allows access to those who have the encryption key/hashing key. In this case, Facebook failed to take the necessary steps for the same and ended up making a mistake that could’ve provided hackers with an unlocked playground.

Effects Of The Bug

Facebook’s VP stated that the flaw was detected as a part of a routine security review in the month of January. He also stated that Facebook’s login technology employs a different strategy that doesn’t risk the exposure of sensitive data. Also, he mentioned that the company had found no evidence of the data being accessed improperly and that the passwords were never visible to any person outside the organization. After being brought to light, the company itself came forward with a statement that it will notify all the Facebook and Instagram users regarding the bug, and how it has fixed all instances of the same.

Previously in 2018, crackers stole a bunch of data files from almost 50 million users. This was done by accessing the account access tokens of users, which gave the attackers access to the account details. Consequently, this information was further processed, which led to the discovery of the aforementioned password exposing bug in the internal system.

Also Read: Apple Launches Updated AirPods With New H1 Chip & Wireless Charging

Facebook cleared up things by saying that all the exposed passwords were stored in different places on the platform, indicating that they weren’t vulnerable to any one single form of attack. Also, the company stated that the passwords were not captured via login credentials, instead, a lot of internal mechanisms like crash logs had given birth to plaintext passwords. It is interesting to see how Facebook will keep up with the loopholes emerging in the systems since social media security is a huge concern these days.

March 22, 2019
Apple Announces a $200,000 Bug Bounty Program

Cupertino based Apple Inc. has launched its own Bug Bounty program with a winning of US $ 200,000 for hackers and researchers who find and report security flaws in Apple products. Apple claims that they have reached a stagnation point where its own testers and even third party contract security firms are having difficulty finding bugs.

Bug Bounty and hacking seem to be becoming lucrative on the other side of the fence. Recently the FBI paid US $ 1 Million to a Hacker to hack into the San Bernardino case iPhone .

Apple’s Bug Bounty program is by far the biggest corporate bounty program announced, and will definitely get some bug bounty specialists scrambling for the prize. Other companies like Facebook, Twitter and Instagram have already paid out huge sums to bug finders. Vine got added to this list recently.

August 5, 2016
This New iPhone Bug Will Leave Your Device Unusable

A new iPhone bug has emerged which is capable of rendering your device absolutely useless. Yes, you read it right -absolutely useless. The only way to fix it would be to take it to an Apple Store where in all likelihood they would have to replace it.

This bug supposedly emerged at 4Chan on Thursday and has also been spotted on Facebook and Reddit since. There is one simple way to protect yourself from the bug -to never set your iPhone date to 1st January 1970.

It is unclear at this point why the specific date is causing Apple devices to behave this way but one speculated reason involves time zones and the device’s internal clock. Additionally, this wouldn’t be the first time when Apple users have faced issues related to the clock. In the past, clocks on Apple gadgets have acted up to tell the wrong time and delay alarms.

Find below the troll which appeared online urging people to change the date on their device to the aforementioned January date. It promises an “easter egg” that would put a retro Apple logo on the display of your phone. But let us break it to you -there are no easter eggs in the evil world of the Internet.

Once the date has been entered, and the phone is rebooted, it would refuse to respond. Even connecting it to a computer or using iTunes would not help you reduce it to its non-brick state.

Making this troll even more interesting is the fact that Apple did not start as late as 1976. It should be noted, however, that only those Apple devices which are powered by the A7 processor and later -iPhone 5s and above, iPad Air, iPad Mini 2 and above are susceptible to it.

February 16, 2016
Here’s How to Fight the ‘Bug’ Infestation That Has Taken Over iPhones
As of yesterday, the internet was in a frenzy with people saying how fed up they were with a code that shuts down their iPhones, Macs and Apple Watches. The hardy giant that is known for its immunity against any virus, witnessed an obstinate bug take over its OS.

The ‘Unicode of Death’ as it is called, is said to have a code that contains Marathi and Arabic symbols. When sent as a text message, it shuts down your iPhone, causing it to reboot without prior notice and even crashes apps. The bug is so effective that it can even work when the message shows up on your home screen.

The crashing seems to occur in iOS 8.1, iOS 8.2 and iOS 8.3 versions and can be transferred from Android to iOS.

We are aware of an iMessage issue caused by a specific series of unicode characters and we will make a fix available in a software update.

While Apple issued a statement acknowledging the problem, they also gave tips for a temporary solution.The company even promised that an upcoming software update will fix the problem permanently. Until then, here are the official instructions from the company:
1. Ask Siri to “read unread messages.”
2. Use Siri to reply to the malicious message. After you reply, you’ll be able to open Messages again.
3. In Messages, swipe left to delete the entire thread. Or tap and hold the malicious message, tap More, and delete the message from the thread.
9to5Mac, an online magazine dedicated to Apple, also suggested three more ways to combat the bug. Keep yourself armed with these tips:

1. Tell the offender to immediately send another message thereby cancelling the effect of the initial strand.

2. Send yourself a message via Siri, the share sheet or your Mac.

3. Some users said that sending a photo via the photo app can allow them to access the message history and delete the conversation.

Most people are using the code as a revenge tool against their ex-boyfriends and girlfriends and some are enjoying pranking their friends. While the problem seems to annoy some, it’s leaving others amused.

However, The ‘Unicode of Death’ can adversely affect your device if not handled with caution. Beware.
May 29, 2015