program

  • Optus says it is working to improve the experience of migrating to the NBN, with the telco’s CEO, Allen Lew, today revealing details of an initiative to smooth the transition to the new network. In notes prepared for an address to ACCANect, the conference of the Australian Communications Consumer Action Network (ACCAN), Lew revealed that the telco has invested “tens of millions of dollars” in the “Optus NBN champion” program. The program is designed to address a range of frustrations encountered by customers during the migration to the NBN. Those include confusion caused by the hand-off between sub-contractors, NBN Co and retail service providers (RSPs), struggles with installation and chasing answers to questions, lengthy activation processes, and a lack of visibility of the process for customers. “We are proactively reaching out to existing customers who are migrating to the NBN to reassure them that one person will manage their order from receipt right through to completion and for the first 30 days of activation,” Lew said. “This isn’t a promise to do; we have been embedding this since May and slowly building scale so that we can offer it to all our customers.” The CEO said that, over the last 18 months, Optus has made “significant changes” to its operations “to ensure the customer is at the centre of every decision we make”. That includes the launch of a “customer academy” for employees. “Our call centre agents now have more training and more authority, so they can solve issues without having to transfer calls so customers aren’t passed around,” Lew said. “We have added more agents, too. This means we have massively reduced our wait times. In fact, we just received new stats that our average wait time – which a year ago was a completely unacceptable – is now...
  • A second zero-day vulnerability has been publicly disclosed in the Steam gaming client by security researcher Vasily Kravets after he said he was banned from its bug-bounty program. The revelations come two weeks after another zero-day previously disclosed by Kravets and researcher Matt Nelson was disputed by Valve, Steam’s parent company. The flaw (CVE-2019-14743), which affects Windows versions of the client, concerns a privilege escalation (aka elevation of privilege or local privilege escalation) bug that makes it possible for other apps, and potentially malware, on a user’s computer to run code with system privileges. As a result, a threat actor could exploit this vulnerability to remotely execute malicious code on the target device by elevating its permissions using Steam‘s system rights. “Achieving maximum privileges can lead to much more disastrous consequences,” Kravets wrote. “For example, disabling firewall and antivirus, rootkit installation, concealing of process-miner, theft [of] any PC user’s private data — is just a small portion of what could be done.” Valve banned me on their H1 program.So…I release new #ZeroDay #PublicDisclosure EoP vulnerability at Steam.Another #0day.Rus – https://t.co/jAoq5kCTfFEng – https://t.co/FfGXltXmpX — Felix aka [xi-tauw] (@PsiDragon) August 20, 2019 The digital PC games storefront has over 90 million monthly active users, with Windows OS accounting for nearly 96.28 percent of all Steam installations. Although Valve initially declined to resolve the vulnerability, Kravets’ public disclosure of the zero-day prompted the company to issue a fix on August 9 (“Fixed privilege escalation exploit using symbolic links in Windows registry”). But it appears the patch didn’t solve the problem. As researcher Xiaoyin Liu detailed in a write-up, the fix can be bypassed to exploit the flaw again. That’s not all. Kravets, who got barred from the HackerOne bug-bounty platform following the public disclosure, ended up finding a second privilege escalation flaw that allows...