In this bulletin from Microsoft, they publicly address a vulnerability that could possibly allow a program to open another program. If you save a file such as .txt, .rtf, .doc, and open it, then under certain conditions, the file will be open other files and run it. This exploitation could allow attackers to gain access to the users information because if there happened to be a corrupted file on your hard drive, one of the files that could be potentially ran is the corrupted file.
Because most users have automatic updates through Microsoft, this takes care of most of the problems. However, those who do not have automatic updates need to check for the updates.
This vulnerability is completely preposterous. How incompetent are Microsoft’s programmers that they are not able to catch something like this before the final program is released to the public? Opening something as simple as a text file should never, under any circumstances, be a vulnerability.
Back in February the Defense Advanced Research Projects Agency (DARPA) launched a program called ‘Cyber Fast Track’ to help build its cyber security efforts. Each year the program is expected to fund almost a hundred cyber security and software research projects. By funding programs like these, the government hopes to build relations with the hacker community in order to build a stronger defense system.
According to the article, DARPA researchers found that an everyday hacker could create a code consisting of 125 lines that could crack 10 million lines of code. So, a hacker could be really useful in strengthening the security efforts for the government.
It’s about time that the government is on the same side as the hacker community, but this also brings to question. Are hackers willing to be on the same side for a simple paycheck? Or are they better off on their own and getting access to information more valuable than that paycheck? It’s really up to the hackers if they want to do good to get the goods or be bad to get better goods.
Hackers Wanted for Cyber Fast Track
The National Intelligence Service (NIS) in South Korea has admitted to packet tapping Gmail, even through the HTTPS protocol. Packet tapping is a method of viewing a user’s transmitted data in real time. Gmail originally switched to HTTPS in 2010 after China was found packet tapping their unsecured HTTP protocol. If the claims are true, it will be the first time that someone has broken HTTPS, which was previously thought to be nearly impossible.
Cyber crimes are being committed across the web every minute of everyday. The extraordinary fact is that these attacks are not only effecting everyday citizens but also giants in the cyber security field.
“48 hours after releasing a policy paper on cybersecurity, the top trade association for intelligence contractors got a first-hand lesson on the subject: they discovered that their website was hacked.” – The daily beast
Financial services are getting hacked and stolen from in mass proportions along side the FBI, the CIA and many more big and important organizations.. The situation is so embarrassing and the smartest and the brightest minds in cyber security are getting owned everyday.
What is the problem and what is the solution? Why do hackers even do what they do? It’s possibly the sensation of achievement or the money that can be made. Maybe both!