Disposable mail Crowdsource – Not Your Average Bug Bounty Platform – 10 minute mail

How does Disposable mail Crowdsource get the most skilled ethical hackers of the world to come together and have as broad an impact as possible? The answer – a bug bounty program, but not in the traditional way.

I am Carolin Solskär, Disposable mail Crowdsource Community Manager and I work closely with our ethical hackers to make sure we maintain an awesome experience for all our members with the shared goal to make the Internet more secure. Let’s talk about how Disposable mail Crowdsource is not your average bug bounty platform:

Ethical hackers founded Disposable mail. They built the company on the simple idea that the Internet is broken and that there should be a product to help fix it. This is not an easy mission, and our founders realized that their brainpower was not enough. They needed to involve more people, but could not hire all of them, so they turned to the power of the crowd.

If you find a security bug that impacts hundreds of companies, how would you go about reporting it to every single one?

In your bug bounty efforts, you may stumble upon a finding with a footprint more extensive than just the current asset. It’s something more systemic and may apply to other targets as well, including ones that you cannot legally test on. What would you do?

First, you would begin with finding out whether they have a Responsible Disclosure or a Bug Bounty Program before you run tests. Then for every vulnerable instance, you will need to make an individual report and submit them separately. This part can be extremely time consuming, and you will not reach all targets. Also, it is not likely to generate that much money for you, and the payout is not even always guaranteed.

In other words: this process is not scalable. If the desired outcome is to make the Internet safer, there needs to be a better way of distributing security knowledge.

“As a hacker, I’m a big fan of automation, and automation that periodically rewards you for your past research without lifting the same finger twice is amazing.” – eur0pa, member of Disposable mail Crowdsource

Disposable mail automates the knowledge of 200+ handpicked ethical hackers

As a hacker, you’re already familiar with different scripts and tools to help you with your recon work. Disposable mail automates the reporting of vulnerable instances to vendors on behalf of hackers. When you discover a vulnerability and submit a proof of concept to us, our security researchers will automate it using our sophisticated in-house scanning engines. Those scanning engines will find and validate that vulnerability across our broad range of customers. 

We make hacking scalable 

Disposable mail is not like other bug bounty platforms. Bug bounty programs have made collaborating with hackers more acceptable, but these only benefit one company at a time. Our approach is to source widely applicable research that can be automated to check our entire user base since there are similarities in the tech stacks. In turn, our hackers have a broader impact on Internet security.

Get a recurring reward

And perhaps the most differentiating factor: Disposable mail Crowdsource hackers get paid per hit as long as the module is live. This means that each time your submitted vulnerabilities appear in unique customer assets through Disposable mail services, you collect a bounty. You get a continuous flow of rewards for your work, rather than a one-time lump sum. The more widespread the vulnerability, the more companies you help, and the more money you will make.

“The best part of Disposable mail Crowdsource is that it’s like a passive income. You report one common vulnerability you’ve found and you could get hits on it for months to come” – Streaak, member of Disposable mail Crowdsource

The combo of automation and crowdsourced security will make the Internet safer

In the fingerprinting phase of scanning, we detect what technologies our customers run on their websites. Instead of holding onto this, we share this with our Crowdsource hackers so they can see what types of technology have more instances to check. 

We also guide researchers to submit specific vulnerabilities that we think will affect our users. It could be a vulnerability that we know exists but that we don’t have a proof of concept for, which is the case for some Common Vulnerabilities and Exposures (CVE) entries. You don’t have to be the original researcher to submit something to the Crowdsource bug bounty program. If you stumble upon a vulnerability online, and we have yet to implement it, we will gladly accept a detailed and well-defined proof of concept.

Bug bounties aren’t just for bug bounty hunters

We are not only looking for full-time bug bounty hunters to join the community. Pentesters, security-interested developers, and security hobbyists are welcome as well. We need diverse skill sets in our network to have a significant impact.

So what are you waiting for? Take our challenge and find out if you’ve got what it takes to join our mission of fixing the Internet!

Apply to be a part of Disposable mail Crowdsource at https://cs.detectify.com/apply.

“To be honest, what I like the most is to see what modules other researchers are submitting. It pushes me to be a better researcher. For example, sometimes I see modules on frameworks that I’ve tested before. So seeing something new on it makes me think ‘how did I miss that? How could I have found that?’ And then I attempt to reproduce it.” – JR0ch17, member of Disposable mail Crowdsource 

Disposable mail collaborates with ethical hackers to crowdsource security research from the forefront of the industry, so you can check for 2000+ common vulnerabilities. Our testbed includes the OWASP Top 10, security misconfigurations and subdomain takeovers submitted by the Disposable mail Crowdsource community. Try or buy Disposable mail. Sign up today for a 14-day free trial.

Temp Mails (https://tempemail.co/) is a new free temporary email address service. This service provides you with random 10-minute email addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

Facebook Acquires GIF-Sharing and Creation Platform GIPHY for $400M

Facebook today announced that it has acquired the popular GIF sharing platform GIPHY, and it will be joining the Instagram team. Instagram has supported GIPHY search in Stories for years now, but Facebook said it will “further integrate” the platform’s GIF library into Instagram and other Facebook apps.

The sum of the GIPHY acquisition by Facebook is reportedly around $400 million, according to Axios.

The company aims to eventually make it even easier to find GIFs and stickers in Instagram Stories and direct messages. GIPHY will continue to operate its own library of GIFs and stickers, while Facebook will invest in the company’s technology and relationships with content and API partners.

On Facebook, GIPHY access allows users to search for and post GIFs in comments. Both GIFs and stickers are supported in Facebook and Instagram Stories, as well as in direct messaging. Likewise, Facebook-owned WhatsApp supports GIFs in a similar fashion.

This article, “Facebook Acquires GIF-Sharing and Creation Platform GIPHY for $400M” first appeared on MacRumors.com


Ghost blogging platform servers hacked to mine cryptocurrency – 10 minute mail

Ghost wasn’t the only victim of break-ins over the weekend that exploited critical holes in infrastructure automation software for which patches were available.

The popular blogging platform Ghost has found itself in the crosshairs of attackers who gained access to its IT infrastructure and installed cryptocurrency-mining malware on it over the weekend. The intrusion occurred in the early hours of May 3rd and affected Ghost(Pro) websites and the platform’s billing services, reads a statement on Ghost’s website.

On the bright side, there’s no direct evidence to corroborate that any private customer data, including passwords, credit card information, or credentials, were compromised. The company immediately introduced a set of security measures to combat the breach, such as adding extra firewalls and cycling all sessions, passwords and keys on all of the affected services.

The attempt to mine cryptocurrency led to a spike in CPU usage and to the overloading of most of Ghost’s systems, which actually rang the alarm bells. “All traces of the crypto-mining virus were successfully eliminated yesterday, all systems remain stable, and we have not discovered any further concerns or issues on our network. The team is now working hard on remediation to clean and rebuild our entire network,” said Ghost’s developer.

The investigation also found that the attackers exploited critical vulnerabilities in Ghost’s server management infrastructure. The vulnerabilities resided in Salt, infrastructure automation software also known as SaltStack, and were used to take over the Salt master server. Patches for these vulnerabilities – indexed as CVE-2020-11651 and CVE-2020-11652 – were released by the software maker in late April, but apparently weren’t applied in due course. Exploitation of the flaws allows the attacker to bypass all authentication and authorization controls and gain full remote command execution as root.

The company also added that it will continue to investigate the issue until it’s completely resolved and will be contacting all of its customers about the incident. The platform is home to blogs for the likes of Tinder, Mozilla and DuckDuckGo.

More trouble

According to a story broken by ZDNet, cybercriminals have been particularly busy exploiting the vulnerabilities in SaltServer to breach other unpatched installations, including those used for LineageOS. The distributor of this open-source operating system suffered an attack on May 2nd and notified its users about it in due course. Although the company didn’t go into specifics, the statement said that an attacker used a CVE to gain access to its SaltStack master. Some were quick to point out that the vulnerability had been disclosed for over a week and systems should have been patched well before the attack happened.

Reports of similar attacks were being shared on a SaltStack GitHub thread, with some adding that they detected cryptocurrency miners on their machines. According to one user in the thread, there are more than 6,000 Salt servers still exposed online that can be susceptible to the vulnerability.

Amer Owaida


Russia to develop a video platform similar to Zoom – Disposable mail news

The Ministry of Digital Development, Communications and Mass Media of the Russian Federation will develop a video communication platform similar to Zoom by the beginning of the new school year. This was announced on Saturday by Minister of Education Sergey Kravtsov.

“Together with the Ministry of Digital Development, Communications and Mass Media, we are developing a new domestic product Digital educational environment, which will use only domestic developments, only domestic software, including a video platform similar to Zoom and Skype,” said the Minister.

The Minister stressed that such a platform is necessary in order to exclude problems related to the instability of foreign systems from the educational process. Kravtsov noted that, for example, the use of Zoom was abandoned in Singapore, because there was “unauthorized access to the education process”.

Recall that on March 14, in order to prevent the spread of coronavirus, it was recommended to transfer students to distance learning.

Note that the daily audience of the Zoom app in the world in March 2020 compared to December 2019 increased by 20 times.

In addition, Moscow senator Vladimir Kozhin drew the state's attention to threats to Russians in self-isolation. He was talking about the huge array of personal data that now has to be transmitted online for various purposes. The senator believes that this information can become a target for cybercriminals and lead to serious damage to citizens and businesses.

He proposed “to develop and adopt a number of amendments to the Criminal Code of the Russian Federation in the shortest possible time, seriously toughening the responsibility for such crimes.”

Earlier, Disposable mail news reported that users of the Zoom video conferencing service have become targets of hackers. Scammers create Zoom-disguised websites and malware to steal their personal data.

Moreover, hackers have appeared on social networks offering to issue digital passes for moving around the city.


Russian-Based Online Platform Taken Down By the FBI – Disposable mail news

The Federal Bureau of Investigation recently took down the Russian-based online platform DEER.IO, which is said to have hosted shops where various cybercrime products and services were sold, according to announcements by the Department of Justice.

The Russian-based cyber platform known as DEER.IO has for quite some time been hosting many online shops where illicit products and services were sold.

A little while back, authorities revealed the arrest of Kirill Victorovich Firsov, the supposed main operator behind Deer.io, a Shopify-like platform that has been hosting many online shops used for the sale of hacked accounts and stolen user data. Criminals were paying around $12/month to open their online store on the platform.

When the ‘crooks’ bought shop access through the DEER.IO platform, an automated set-up wizard allowed the owner to upload the products and services offered through the shop and configure the payment procedure by means of cryptocurrency wallets.

Firsov was arrested at John F. Kennedy Airport in New York on March 7 for running the Deer.io platform since October 2013; he also advertised the platform on other hacking forums.

“A Russian-based cyber platform known as DEER.IO was shut down by the FBI today, and its suspected administrator – alleged Russian hacker Kirill Victorovich Firsov – was arrested and charged with crimes related to the hacking of U.S. companies for customers’ personal information.” – the official statement distributed by the DoJ.

The Feds looked into around 250 DEER.IO stores used by hackers to offer for sale thousands of compromised accounts, including gamer accounts and PII documents containing user names, passwords, U.S. Social Security Numbers, dates of birth, and victim addresses.

A large portion of the victims are in Europe and the US.

FBI agents successfully bought hacked data from certain stores hosted on the Deer.io platform; according to the Feds, the data offered was authentic.

Asked to comment, FBI Special Agent in Charge Omer Meisel stated, “Deer.io was the largest centralized platform, which promoted and facilitated the sale of compromised social media and financial accounts, personally identifiable information (PII) and hacked computers on the Internet. The seizure of this criminal website represents a significant step in reducing stolen data used to victimize individuals and businesses in the United States and abroad.”


How to choose the right e-commerce platform – 10 minute mail

In e-commerce, there is no one solution that fits every online store perfectly. When it comes to picking an e-commerce platform, there are many aspects of your business that need to be taken into consideration before you can make an informed decision. In this article, we have gathered some key points that can help you decide on a platform that suits you best.

1. Define what you are

The first step is to define what you are. First off, will you sell physical or digital goods? This may not have much to do with security, but it is a good starting point that can help you narrow down and evaluate your options.

How many different products will you offer? If you go with a webshop-as-a-service solution, the price often varies depending on the number of products. The question that naturally follows is whether what you want is an online store with the primary goal of selling a range of different products or a website with a lot of information and just a few products. Most CMS solutions available on the market today offer e-commerce support, which makes them a great alternative for businesses looking to focus on content rather than just e-commerce.

2. Budget

How much are you prepared to spend? This is something that might seem obvious, but it is a good idea to plan your budget before you start looking into different e-commerce platforms. Without a budget, you might end up picking something unnecessarily expensive, or settle on a cheaper option that doesn’t give you all the functionality you need. That said, a strict budget is not optimal either; if possible, aim for flexibility that leaves room for negotiation.

3. Self-hosted or shop-as-a-service

There are two main categories of e-commerce solutions and your options here depend on your technical competence. The first one is the self-hosted shop where you host everything on your own server and the alternative is the shop-as-a-service where you pay a monthly fee and leave the e-commerce magic to your platform provider.

Opting for a shop-as-a-service solution allows you to focus on running your business and let experts deal with running the site. Operating an online store and making sure everything is up-to-date can be much harder than it sounds, so we would recommend choosing the shop-as-a-service option. Even if you are technically proficient or can hire someone who is, avoiding the hassle of hosting your online store can save you both time and money.

The main takeaway here is that there is no good reason to host your e-commerce site yourself unless it’s absolutely necessary.

4. Security

Always look up the reputation of the service or platform that you plan to use. History is not everything, but repeated cases of security breaches often indicate a pattern. In this case, the best course of action is to do some research and ask a security expert for their opinion. Be aware that this could backfire as well, as people sometimes say they know more than they do.

While we, of course, believe that security is extremely important, it is vital to keep in mind that it is just one of the parameters to consider. When choosing an e-commerce platform, the decision needs to balance a large number of criteria. The most secure solution would most likely be to host a .txt file with instructions to email orders, but this is obviously not the best or most user-friendly option for an e-commerce business.

Disposable mail scans your website for over 700 vulnerabilities and can help you monitor your e-commerce solution’s security status. Sign up for a free 14-day trial and check if your site is vulnerable.

5. Vulnerabilities specific to e-commerce

If you coded your e-commerce solution yourself or are in any way technically involved in running your online store, it’s important to map out business logic-specific vulnerabilities alongside the more general security issues.

For example, an attacker might be able to figure out your stock levels by adding a product to their shopping cart until the website says the product is out of stock. Information about your inventory could be used by a competitor to plan future campaigns. These vulnerabilities are difficult to find using automation, but being aware of them and knowing how to spot them can help you keep your store safe.
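The stock-level leak described above, as an added example that is not part of the original article: a cart handler whose refusal point equals the real inventory, next to a variant whose answers depend only on a per-order cap. The SKU, stock figures, cap of 5 and all function names are constructed for illustration.

```python
# Added example: constructed inventory and handlers, not taken from any real shop platform.
MAX_PER_ORDER = 5  # assumed business rule: per-order quantity cap


def add_leaky(stock, cart, sku, qty=1):
    """Leaky handler: refuses exactly when the cart would exceed real stock,
    so the point of refusal tells the visitor the inventory level."""
    wanted = cart.get(sku, 0) + qty
    if wanted > stock.get(sku, 0):
        return "out of stock"
    cart[sku] = wanted
    return "added"


def add_hardened(stock, cart, sku, qty=1):
    """Hardened handler: the answer depends only on the per-order cap and on
    whether the item is available at all, never on the exact stock count."""
    if stock.get(sku, 0) <= 0:
        return "out of stock"
    wanted = cart.get(sku, 0) + qty
    if wanted > MAX_PER_ORDER:
        return "quantity limit reached"
    cart[sku] = wanted
    return "added"


def place_order(stock, cart, sku):
    """Exact stock is only checked when the order is placed; a shortfall is
    reported without saying how many units remain."""
    qty = cart.get(sku, 0)
    if qty > stock.get(sku, 0):
        return "some items are no longer available"
    stock[sku] -= qty
    return "ordered"


def units_observable(handler, stock, sku, limit=1000):
    """What a visitor learns by adding one unit at a time until refused."""
    cart = {}
    for _ in range(limit):
        if handler(stock, cart, sku) != "added":
            break
    return cart.get(sku, 0)


if __name__ == "__main__":
    stock = {"sku-mug": 37}  # constructed stock level the shop wants to keep private
    print("leaky handler reveals:", units_observable(add_leaky, stock, "sku-mug"))
    print("hardened handler reveals:", units_observable(add_hardened, stock, "sku-mug"))
```

When stock is below the cap, the hardened cart still accepts the request and the shortfall only surfaces at order placement, which is a step you can rate-limit and log per customer.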

6. Realise that consumers trust you

As an online retailer you want to have as little to do with credit card credentials as possible. However, even if you are using an external payment processor and technically have very little to do with the transaction, users do not see it that way. If you were to be hacked and someone switched out the payment process with a link to their own fake payment processor, a regular user could not tell the difference.

As soon as you start selling products online, you get a lot more attention from potential attackers. At the same time, your customers need to know that you are worthy of their trust. This is an issue you need to tackle regardless of whether you are hosting your own platform or using a dedicated solution, but again, the shop-as-a-service option is probably the best alternative for the majority of e-commerce businesses.

7. How long should the store be online?

We often find forgotten sites left behind after a limited campaign that has expired. These sites are rarely up-to-date and are often vulnerable, but can still contain sensitive customer information. If the shop you are setting up is used for a campaign that will eventually expire, make sure you are able to successfully delete it afterwards. This should be a relatively easy task, but it is often forgotten, leaving sensitive information at risk.
