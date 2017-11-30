

Ultimately, Finisterre received an e-mail containing an agreement contract that he said “did not offer researchers any sort of protection. For me personally, the wording put my right to work at risk, and posed a direct conflict of interest to many things including my freedom of speech.” It seemed clear to Finisterre that “the entire ‘Bug Bounty’ program was rushed based on this alone,” he wrote.

“At one point… DJI even offered to hire me directly to consult with them on their security,” Finisterre wrote.

But as Finisterre worked to document the bug with the company, he got increasing pushback—including a threat of charges under the Computer Fraud and Abuse Act (CFAA).

developers had left the private keys for both the “wildcard” certificate for all the company’s Web domains and the keys to cloud storage accounts on Amazon Web Services exposed publicly in code posted to GitHub

Do you want to stop criminals from getting into your Gmail or Facebook account? Are you worried about the cops spying on you? We have all the answers on how to protect yourself.

The Electronic Frontier Foundation guide to Assessing Your Risks

… if you come away with one lesson from this guide, it is: update, update, update, or patch, patch, patch.

Use a password manager

Two-factor authentication: You should, if the website allows it, use another 2FA option that isn’t SMS-based, such as an authentication app on your smartphone (for example, Google Authenticator, DUO Mobile, or Authy), or a physical token. If that option is available to you, it’s a great idea to use it.

use an ad blocker (e.g. uBlock Origin). Why? A great deal of malware comes through ads.

Get an iPhone and don’t jailbreak it

Use Signal instead of WhatsApp