News in brief: Twitter pays $7,500 bounty; China gets ‘tweaked’ Windows; how to hide passwords

Your daily round-up of some of the other stories in the news

Twitter pays bug bounty and patches flaw

Twitter has patched a vulnerability that allowed an attacker to pose as another user and post as if from their account. The flaw, according to Motherboard, was in Twitter’s Ad Studio, which allowed advertisers to upload media.

The bug, which was discovered in February and quickly patched, is described in detail by kedrisch, the researcher who discovered it – and reported it to Twitter.

An attacker could target another Twitter user first by sharing media with them and then modifying the post request with the victim’s account ID.

The researcher was awarded a bug bounty of $7,500 – but a former Twitter exec, Charlie Miller, tweeted that he was “not shocked” that this vulnerability was in code from the ads team.

Redmond creates Chinese version of Windows 10

Chinese government officials are getting a custom version of Windows 10 built by Microsoft for Beijing, the Redmond software giant said earlier this week.

A blog post from Terry Myerson of Microsoft’s Windows and Devices group was a bit sparse on details of what tweaks Redmond has made for the Chinese government.

Myerson said that as a result of “earnestly co-operating” with Beijing, they had built the “China Government Edition [that] will use these manageability features to remove features that are not needed by Chinese government employees like OneDrive, to manage all telemetry and updates and to enable the government to use its own encryption algorithms within its computer systems”.

Big technology companies have struggled with China’s heavy-handed approach to their products: many platforms such as Facebook and Google are banned in China, while China has demanded to see the source code of products. Microsoft had joined big tech hitters including Intel in declining to share their code, but it seems now that Redmond and Beijing have come to an agreement.

Password manager creates ‘travel mode’

We’re fans of password managers here at Naked Security, and we’ve also been covering the ongoing issues of travellers being asked to hand over their phones and passwords to immigration officials, so we’re pleased to see that one app has come up with a way to protect your sensitive passwords from prying eyes at a border.

1Password has come up with what it’s calling Travel Mode: before you leave home, you add the passwords you might not mind sharing to into a “safe for travel” vault in the app, then turn on travel mode. At that point, all your other passwords are removed from the device.

Then, when you’re safely over the border and customs officials have finished with your phone, you turn off travel mode and all your more sensitive passwords are restored to the device.

It’s not foolproof – a smart customs official could ask you to disable travel mode – but it could help you keep sensitive passwords safe while you travel.

Catch up with all of today’s stories on Naked Security