
News in brief: Twitter pays $7,500 bounty; China gets ‘tweaked’ Windows; how to hide passwords

Your daily round-up of some of the other stories in the news


Twitter pays bug bounty and patches flaw

Twitter has patched a vulnerability that allowed an attacker to pose as another user and post as if from their account. The flaw, according to Motherboard, was in Twitter’s Ad Studio, which allowed advertisers to upload media.

The bug, which was discovered in February and quickly patched, is described in detail by kedrisch, the researcher who discovered it – and reported it to Twitter.

An attacker could target another Twitter user first by sharing media with them and then modifying the post request with the victim’s account ID.

The researcher was awarded a bug bounty of $7,500 – but a former Twitter exec, Charlie Miller, tweeted that he was “not shocked” that this vulnerability was in code from the ads team.
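The request modification described above works whenever the server authorizes a post against the account ID in the request body instead of the authenticated session. The sketch below is an added illustration, not Twitter's code: the weak check is an assumed model of such a flaw, and every name and data value in it (`Session`, `MEDIA_SHARES`, `DELEGATIONS`, `can_post_weak`, `can_post_hardened`) is hypothetical and constructed for the example.

```python
# Added illustration: constructed model of a "post with shared media" endpoint.
# All names and data here are hypothetical, not taken from Twitter's systems.
from dataclasses import dataclass

# Constructed sample data: media id -> account ids allowed to use that media.
MEDIA_SHARES = {
    "media-1": {"attacker", "victim"},  # attacker shared media-1 with victim
    "media-2": {"brand"},
}
# Constructed sample data: account id -> users delegated to post on its behalf.
DELEGATIONS = {"brand": {"agency_user"}}


@dataclass(frozen=True)
class Session:
    user_id: str  # identity established server-side at login


def can_post_weak(session: Session, request: dict) -> bool:
    """Assumed weak check: trusts the account ID carried in the request body."""
    account = request["account_id"]
    return account in MEDIA_SHARES.get(request["media_id"], set())


def can_post_hardened(session: Session, request: dict) -> bool:
    """Authorize the named account against the authenticated session first."""
    account = request["account_id"]
    acts_as_self = account == session.user_id
    delegated = session.user_id in DELEGATIONS.get(account, set())
    if not (acts_as_self or delegated):
        return False  # session has no authority over the named account
    return account in MEDIA_SHARES.get(request["media_id"], set())


def demo() -> dict:
    attacker = Session("attacker")
    forged = {"account_id": "victim", "media_id": "media-1", "text": "hi"}
    honest = {"account_id": "attacker", "media_id": "media-1", "text": "hi"}
    return {
        "weak_forged": can_post_weak(attacker, forged),
        "hardened_forged": can_post_hardened(attacker, forged),
        "hardened_honest": can_post_hardened(attacker, honest),
    }


if __name__ == "__main__":
    print(demo())
```

The hardened check still honours legitimate delegation, such as an agency user posting for an advertiser account, because that relationship is looked up server-side and is never taken from the request.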

Redmond creates Chinese version of Windows 10

Chinese government officials are getting a custom version of Windows 10 built by Microsoft for Beijing, the Redmond software giant said earlier this week.

A blog post from Terry Myerson of Microsoft’s Windows and Devices group was a bit sparse on details of what tweaks Redmond has made for the Chinese government.

Myerson said that as a result of “earnestly co-operating” with Beijing, they had built the “China Government Edition [that] will use these manageability features to remove features that are not needed by Chinese government employees like OneDrive, to manage all telemetry and updates and to enable the government to use its own encryption algorithms within its computer systems”.

Big technology companies have struggled with China’s heavy-handed approach to their products: many platforms such as Facebook and Google are banned in China, while China has demanded to see the source code of products. Microsoft had joined big tech hitters including Intel in declining to share their code, but it seems now that Redmond and Beijing have come to an agreement.

Password manager creates ‘travel mode’

We’re fans of password managers here at Naked Security, and we’ve also been covering the ongoing issues of travellers being asked to hand over their phones and passwords to immigration officials, so we’re pleased to see that one app has come up with a way to protect your sensitive passwords from prying eyes at a border.

1Password has come up with what it’s calling Travel Mode: before you leave home, you add the passwords you might not mind sharing into a “safe for travel” vault in the app, then turn on travel mode. At that point, all your other passwords are removed from the device.

Then, when you’re safely over the border and customs officials have finished with your phone, you turn off travel mode and all your more sensitive passwords are restored to the device.

It’s not foolproof – a smart customs official could ask you to disable travel mode – but it could help you keep sensitive passwords safe while you travel.



“…China has demanded to see the source code of products…” That’s not the half of it; they also demand the technical designs of all products built there, making it impossible for foreign companies to maintain the secrecy of their designs. On top of that, the government steals trade secrets from other countries, secrets that others have poured countless hours of work and billions of dollars into developing. People have no idea how superior the Chinese government feels nor how immoral or power hungry it is. Every action they’ve taken is part of a plan to dominate the entire world. Colonialism? You haven’t seen anything yet. They need to be stood up to very firmly by other countries if they are to be stopped.


It’s still a business deal and Microsoft is a money making company. For consumer protection reasons itself, software should be open sourced.

Hopefully the Government will learn that our rights are protected if we are in the country. Being at an entry point airport, harbor or border crossing in the US, you still have your rights. This is illegal search and seizure. No matter how the Government tries to get your data they will always be behind the state of the art, as legislation cannot move fast enough. Unless they roll over us with a steam roller and outlaw encryption. This will eliminate the US from continuance in the world technology market. At some point it will be similar to a crook dropping the items overboard in miles of seawater. No way to reach it. If you’ve been around computers very long, sometimes you lose stuff and it’s unrecoverable. Of course when this does happen, it’s from a human failure usually…

