Using his access to the company's Unix network (which he gained after a promotion last year), the employee then rerouted traffic through backup servers in order to avoid the company's traffic monitoring solution and steal the company's source code. The employee was caught after he kept intruding and disconnecting another employee's RDP session. The employee understood someone hacked his account and logged the attacker's unique identifier. Showing his total lack of understanding for how technology, logging and legal investigations work, the employee admitted via email to a fellow employee that he installed malware on the servers and hacked other employees.
Uber told TechCrunch this afternoon that it still uses a form of this device fingerprinting, saying they need a way to identify those devices which committed fraud in the past -- especially in China, where Uber drivers used stolen iPhones to request dozens of rides from themselves to increase their pay rate. It's been modified to comply with Apple's rules, and "We absolutely do not track individual users or their location if they've deleted the app..." an Uber spokesperson said. "Being able to recognize known bad actors when they try to get back onto our network is an important security measure for both Uber and our users."
The article offers a longer biography of Kalanick, who dropped out of UCLA in 1998 to start a peer-to-peer music-sharing service named Scour. (The service eventually declared bankruptcy after being sued for $250 billion for alleged copyright infringement.) Desperately trying to save his next company, Kalanick "took the tax dollars from employee paychecks -- which are supposed to be withheld and sent to the Internal Revenue Service," according to the Times, "and reinvested the money into the start-up, even as friends and advisers warned him the action was potentially illegal." The money eventually reached the IRS as he "staved off bankruptcy for a second time by raising another round of funding." But the article ultimately argues that Kalanick's drive to win in life "has led to a pattern of risk-taking that has put his ride-hailing company on the brink of implosion."
Google paid $3 million last year through its own bounty program, according to HackerOne's CEO Marten Micko, who touts his company's "turn-key" solution -- a platform which now offers the services of 100,000 ethical (and vetted) hackers. "With a diverse group, all types of vulnerabilities can be found," Micko told TechRepublic. "This is a corollary to the 'given enough eyeballs' wisdom... they find them faster than other solutions, the hunting is ongoing and not happening at just one time, and the cost is a tenth of what it would be with other methods." And one of the platform's white hat hackers has already earned over $600,000 in just two years.
The researchers then checked for the code in GitHub repositories, and concluded that "there is a substantial, if not causal, link between insecure tutorials and web application vulnerabilities." Their paper is titled "Leveraging Flawed Tutorials for Seeding Large-Scale Web Vulnerability Discovery."
Homeland security expert Michael Greenberger told one CBS station that "My best guest is that when this is all said and done we're going to find out that this was done by a contractor, not by an employee of the CIA."
Microsoft is claiming that when customers connect to Office 365 services using a legacy version of Office, "they're not enjoying all that the service has to offer. The IT security and reliability benefits and end user experiences in the apps is limited to the features shipped at a point in time. To ensure that customers are getting the most out of their Office 365 subscription, we are updating our system requirements." And in another blog post, they're almost daring people to switch to Linux. "Providing over three years advance notice for this change to Office 365 system requirements for client connectivity gives you time to review your long-term desktop strategy, budget and plan for any change to your environment."
In a follow-up comment, Microsoft's Alistair Speirs explained that "There is still an option to get monthly desktop updates, but we are changing the 3x a year update channel to be 2x a year to align closer to Windows 10 update model. We are trying to strike the right balance between agile, ship-when-ready updates and enterprise needs of predictability, reliability and advanced notice to validate and prepare."
According to the user guide, the malware can be deployed on a TV via a USB stick after configuring it on a Linux system. It is possible to transfer the recorded audio files through the USB stick or by setting up a WiFi hotspot near the TV. Also, a Live Liston Tool, running on a Windows OS, can be used to listen to audio exfiltration in real-time. Wikileaks mentioned that the two agencies, CIA and MI5/BTSS made collaborative efforts to create Weeping Angel during their Joint Development Workshops.