Skip to main content

Featured Post

AMD to invest $400 million in India by 2028: Here’s what we know

US chipmaker Advanced Micro Devices said on Friday it will invest around $400 million in India over the next five years and will build its largest design center in the tech hub of Bengaluru. AMD’s announcement was made by its Chief Technology Officer Mark Papermaster at an annual semiconductor conference that started Friday in Prime Minister Narendra Modi’s home state of Gujarat. Other speakers at the flagship event include Foxconn Chairman Young Liu and Micron CEO Sanjay Mehrotra. Despite being a late entrant, the Modi government has been courting investments into India’s nascent chip sector to establish its credentials as a chipmaking hub. AMD said it will open its new design centre campus in Bengaluru by end of this year and create 3,000 new engineering roles within five years. “Our India teams will continue to play a pivotal role in delivering the high-performance and adaptive solutions that support AMD customers worldwide,” Papermaster said. The new 500,000-square-foot (55,5...
1 comment
Read more
Labels

Microsoft awards around Rs 37 lakhs bounty to Chennai-based security researcher: Here’s the reason

Microsoft has awarded a bounty of $50000 (around Rs 37 lakhs) to a Chennai-based security researcher, Laxman Muthiyah for drawing attention to a “potential vulnerability” on Microsoft online services. Muthiyah wrote in a blog post that the vulnerability might have allowed anyone to take over any Microsoft account on the company’s online services without consent permission.

The issue has since then been patched by the Microsoft security team. The bounty was rewarded to Muthiyah as part of Microsoft’s Identity Bounty Program. The security researcher said that the vulnerability in Microsoft online services was similar to a loophole in Instagram that was discovered by him previously.

Microsoft awards $50000 to Chennai-based developer: What was the loophole?

Muthiyah was to potentially take over anyone’s account on Microsoft online services by exploiting a vulnerability where a user needs to enter a 7-digit code sent on their email address or phone number to reset their password, in their forgot password page.

“Once we receive the 7 digit security code, we will have to enter it to reset the password. Here, if we can bruteforce all the combination of 7 digit code (that will be 10^7 = 10 million codes), we will be able to reset any user’s password without permission,” he explained.

“But, obviously, there will be some rate limits that will prevent us from making large number of attempts.” However, after a few days of effort, he was successfully able to spot the flaw that allowed him to take over someone’s account on Microsoft online services.

Microsoft patched the issue in November

“Immediately, I recorded a video of all the bypasses and submitted it to Microsoft along with detailed steps to reproduce the vulnerability. They were quick in acknowledging the issue,” the researcher pointed out. According to the researcher, Microsoft patched the issued in November 2020. Consequently, Muthiyah was awarded a bounty of $50,000 on February 9, 20201, he revealed.



from BGR India https://ift.tt/2OnjyBt
via IFTTT
Email Post
Labels:

Comments

Post a Comment

add