Oracle's bad faith with security researchers led to publication of a Virtualbox 0-day

In the debate over "responsible disclosure," advocates for corporate power say that companies have to be able to decide who can reveal defects in their products and under which circumstances, lest bad actors reveal their bugs without giving them time to create and promulgate a patch. Read the rest

Methbot: a $3M-$5M/day video ad-tech fraud

White Ops, a security firm, has published a detailed report on a crime-ring they call "Methbot" that generated $3M-$5M by creating 6,000 fake websites to embed videos in, then generating convincing bots that that appeared to watch 300,000,000 videos/day -- running virtual instances of various browsers (mostly Chrome) on virtual machines running MacOS X, from a huge pool of IP addresses that they fraudulently had assigned to US locations, deploying clever grace-notes like limiting access to "daylight" hours in their notional locations; simulating mouse-movements and clicks and more. Read the rest