Skip to main content

Featured Post

AMD to invest $400 million in India by 2028: Here’s what we know

US chipmaker Advanced Micro Devices said on Friday it will invest around $400 million in India over the next five years and will build its largest design center in the tech hub of Bengaluru. AMD’s announcement was made by its Chief Technology Officer Mark Papermaster at an annual semiconductor conference that started Friday in Prime Minister Narendra Modi’s home state of Gujarat. Other speakers at the flagship event include Foxconn Chairman Young Liu and Micron CEO Sanjay Mehrotra. Despite being a late entrant, the Modi government has been courting investments into India’s nascent chip sector to establish its credentials as a chipmaking hub. AMD said it will open its new design centre campus in Bengaluru by end of this year and create 3,000 new engineering roles within five years. “Our India teams will continue to play a pivotal role in delivering the high-performance and adaptive solutions that support AMD customers worldwide,” Papermaster said. The new 500,000-square-foot (55,5...
1 comment
Read more
Labels

Apple rewards Indian man $1,00,000 for discovering zero-day vulnerability

A new zero-day vulnerability was recently pointed out in Apple’s “sign in with Apple” authentication page. The man from Telangana, India now claims to have been paid $100,000 (about Rs 75 lakh) by the US-based tech giant under its Security Bounty program.

The vulnerability affects third-party apps that use Apple’s authentication, but do not have any security measures of their own. Once exploited, the vulnerability would allow attackers to take full control over user accounts on third-party applications.

Watch: Weekly News Roundup – May 29

Bhavuk Jain, the programmer, also added as per a report by LiveMint that Apple conducted an investigation of its logs after discovering the vulnerability and found that it had not been misused and that no accounts were compromised because of it. Jain further explains in his blog that the “sign in with Apple” function works similar to Oauth 2.0, by authentication a user by either using a JWT or a code generated by Apple’s own server.

Jain discovered that attackers could actually forge a JWT by linking any Email ID to it and gain access to a user’s app account. The attackers could have requested JWTs for any Email ID from Apple. Further, when the signature of these tokens were verified using Apple’s public key, they showed as valid.

Sign in with Apple

Since Apple made it mandatory for apps that did not support third-party logins, many developers have made use of the “sign in with Apple” service for their apps. The feature allows users to sign in to apps and websites by using their Apple IDs instead of their social media IDs.

Get customised Apple MacBooks, iMac in India now

Also Read

Get customised Apple MacBooks, iMac in India now

The service became instantly popular. Unlike various third-party sign-ins, Apple’s authentication allowed users the option to not share their Email IDs, instead of generating a random Email ID for them. This helped strengthened user privacy by making sure that the real Email IDs did not fall into the wrong hands. This also made users browsing through the web feel less exposed.



from BGR India https://ift.tt/2McwDZZ
via IFTTT
Email Post
Labels:

Comments

Post a Comment

add