Naked Security

News in brief: PCs’ PCs still running XP; bug-hunters cashing in; airport security stepped up

Your daily round-up of some of the other stories in the news

Thousands of PCs’ PCs running on XP

More than half of the computers in London’s Metropolitan Police force are still running on Windows XP, according to London’s mayor Sadiq Khan. That admission comes a year after the force had pledged to upgrade them to supported versions of Windows.

The mayor told Steve O’Connell of the London Assembly in a written response that a total of 18,293 of the force’s 32,751 desktops are on XP.

O’Connell said on Tuesday: “The Met is working towards upgrading its software, but in its current state it’s like a fish swimming in a pool of sharks.”

There’s increased concern about the number of PCs running out-of-date versions of Windows in the light of the WannaCry ransomware attack, which focused attention on the number of devices running the unsupported version of Microsoft’s operating system in the NHS and elsewhere.

Microsoft has since released patches for XP and Windows Server 2003, which is also no longer officially supported, to protect against the EternalBlue exploit used by WannaCry and this week’s Petya outbreak.

Bug-hunters cashing in

Bug-hunters have been doing well out of bug bounty programmes, according to a report from HackerOne, with companies paying out nearly $1m to some researchers who report vulnerabilities.

The HackerOne report looks at bounty programmes run by companies from Airbnb and Uber to Intel, Lufthansa and the US Department of Defense, and – perhaps unsurprisingly – found that the tech sector pays the biggest bounties, of up to $900,000 a time.

Yet while the use of bounty programmes has been growing, there are still many organisations that don’t use them, found the report, which surveyed 800 companies: 94% of the Forbes Global 2000 list don’t have a bounty programme in place, with just 8% of the airlines on that list having a scheme and only one eaterie: Starbucks.

So if you’re a bug-hunter, it’s worth having a look at which companies offer bounties: you’ll be helping them harden their defences and you could make a bit of extra cash in the bargain.

Kelly steps up airport security

Yes, the laptop ban again. The good news is that the laptop ban itself isn’t being extended, although travellers to the US do face tighter security restrictions.

Homeland security secretary John Kelly said that passengers will face increased scrutiny at their departure airports as a way to address what officials say is an increased threat without having to extend the existing laptop ban. That increased scrutiny will include further screening of devices, more thorough vetting of passengers and other steps designed to stop what Kelly called “insider attacks”.

The ban on tablets and laptops remains for the eight countries and 10 airports covered by the existing rule. Kelly was deliberately vague about what the additional steps would be, and added that “we cannot play whack-a-mole with each new threat”.

The new rules, which are due to take effect within three weeks, apply to anyone arriving in the US from 280 airports in 105 countries and will affect some 325,000 passengers every day.
