DoublePulsar: The Leaked NSAExploit Kit Spreading In The Wild

Discussion in 'Weekly Briefing' started by zeadmin, May 2, 2017.

  1. zeadmin

    zeadmin Administrator Staff Member

    In this issue:
    • DoublePulsar: The Leaked NSAExploit Kit Spreading in the wild
    • Uber employs private intelligence firm to datamine your inbox
    • Browsers vulnerable to IDN phishing vulnerability
    • Meet the AI that wrote all of David Hasselhoff's lines in his latest film
    • Introducing TheWeb.Zone: Webhosting by Zoneedit is here.

    DoublePulsar: The leaked NSA exploit kit spreading in the wild

    The second ShadowBrokers leak of proprietary NSA hacking tools contains a Windows exploit kit dubbed DoublePulsar. DoublePulsar allows an attacker to remotely execute arbitrary shell code on the compromised machine. Described as the most critical Windows vulnerability since the Conflicker Worm (over 10 years ago), experts report that 3.1% of vulnerable hosts are already infected since the NSA toolkit was leaked on April 7. (Can we also just pause for a moment to digest with the reality that the government has an entire agency that not only vacuums their own citizen's communications and data, but also employs hackers who are actively penetrating our security systems?)

    Read: https://threatpost.com/nsas-doublepulsar-kernel-exploit-in-use-internet-wide/125165/

    (TL,DR if you're running a Windows SMB Server make sure you have the MS17-1010 Critical Patch applied.)


    Uber employs private intelligence firm to datamine your inbox

    In addition to recent PR problems such as the video of their CEO getting into it with one of his own drivers and allegations of systemic sexual harassment rampant inside the company, details emerged that Uber has been employing the services of Slice Intelligence's "unroll.me" to datamine users emails (namely emailed ride receipts of them and their competitor Lyft).

    What does this mean?


    Slice Intelligence is a private competitive intelligence firm dressed up as a free service called "unroll.me" which users install on their email boxes to help them manage subscriptions to all those newsletters. What they probably don't realize is that the service data mines their mailbox with an eye toward selling analytics to companies like Uber. Unroll discloses this practice in the "Collection and Use of Non-Personal Information" section of their Privacy Policy. Remember the old adage folks "If you aren't paying for the product, you are the product".

    Maybe business guru (and easyDNS customer) Jason Jennings is correct when he forecasts that Lyft will eventually prevail over Uber owing largely to a more ethically grounded culture baked-in to the smaller rival.

    Read: https://theintercept.com/2017/04/24/stop-using-unroll-me-right-now-it-sold-your-data-to-uber/

    (P.S In case you were wondering, neither the easyDNS Plain English Terms of Service or privacy policy grants us the right to datamine your easyMail mailboxes. Or anything else you may have here.)


    Browsers vulnerable to IDN phishing vulnerability

    IDN domains enable URLs and domains to exist in non-English, non-UTF-8 character sets. One "Gotcha" has emerged in that the puny code strings in the internationalized character sets, when rendered as unicode in the browsers location bar, may be indistinguishable to the human eye from completely different English language strings.

    What this means is that while you ordinarily wouldn't enter your iCloud credentials into xn—80ak6aa92e.com, once your browser renders that in the location bar as "apple.com", maybe you would!

    Read: http://thehackernews.com/2017/04/unicode-Punycode-phishing-attack.html


    Meet the AI that wrote all of David Hasselhoff's lines in his latest film

    Having recently been turned from an AI skeptic to an AI believer ("believer" in the sense that I now think AI will happen although I'm not sure I actually want it to happen…), I found the fact that all of David Hasselhoff's lines in his latest short film were written by an Artificial Intelligence a sign of the times.

    (It reminded me of Gregory Rawlins's "Moths to a Flame" book, written in the mid-90's which was extremely prescient and ahead of its time. Rawlins saw all of this coming. His book is still relevant today, perhaps even more so…)

    Read: https://singularityhub.com/2017/04/26/david-hasselhoff-stars-in-a-new-short-film-and-all-his-lines-were-written-by-ai/


    Introducing TheWeb.Zone: Webhosting by Zoneedit is here.

    We are thrilled to announce we are now offering cPanel based web hosting, based in Canada on our rock-solid infrastructure. You add web hosting from within your Zoneedit member control panel or learn more about it via http://TheWeb.zone/.
     

Share This Page