Companies Are Paying Millions For White Hat Hacking (Slashdot) by EditorDavid on security at January 1, 1970, 1:00 am (cached at April 23, 2017, 11:04 pm)

White hat hackers "are in very high demand," says PwC's director of cyber investigation and breach response, in a New York Post article titled "Companies are paying millions to get hacked -- on purpose." An anonymous reader quotes their report: HackerOne, a San Francisco-based "vulnerability coordination and bug bounty platform," reports that it has some 800 corporate customers who paid out more than $15 million in bonuses to white-hat hackers since its founding in 2012. Most of that bounty was paid in the past two years, as companies have become more aware of their cyber vulnerabilities. Clients that have used the platform include General Motors, Uber, Twitter, Starbucks and even the US Department of Defense. Google paid $3 million last year through its own bounty program, according to HackerOne's CEO Marten Mickos, who touts his company's "turn-key" solution -- a platform which now offers the services of 100,000 ethical (and vetted) hackers. "With a diverse group, all types of vulnerabilities can be found," Mickos told TechRepublic. "This is a corollary to the 'given enough eyeballs' wisdom... they find them faster than other solutions, the hunting is ongoing and not happening at just one time, and the cost is a tenth of what it would be with other methods." And one of the platform's white hat hackers has already earned over $600,000 in just two years.

Read more of this story at Slashdot.

Tiered access (IT Toolbox Blogs) SANS ISC SecNewsFeed (cached at April 23, 2017, 11:00 pm)

Malicious Documents: A Bit Of News, (Sun, Apr 23rd) SANS Internet Storm Center, InfoCON: green (cached at April 23, 2017, 10:30 pm)

This week I saw again a PDF containing a malicious Word document with macros (a downloader).

The PDF contains JavaScript to extract the malicious Word document and launch Word. The user is prompted before this action takes place, but if you want to mitigate this, you can disable JavaScript. If you use Adobe Reader version 15.009.20069 or later, then the extracted Word document is marked with a mark-of-web, regardless of whether the containing PDF document is marked as such.

I made a video of the analysis of this document.

There has been a lot of talk about RTF documents exploiting CVE-2017-0199, making Word download and execute an HTML application without requiring any user interaction (except taking the document out of Protected View, depending on the presence of a mark-of-web). And this without VBA macros (RTF does not support VBA macros).

After applying Microsoft's patch for CVE-2017-0199, a downloaded HTA is no longer executed, but it is still downloaded without user interaction. The attention that the RTF auto-update technique received (employed for delivering a CVE-2017-0199 exploit) will certainly stimulate the use of this technique for other purposes, like tracking.

Didier Stevens
Microsoft MVP Consumer Security
blog.DidierStevens.com DidierStevensLabs.com

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Startup Still Working On 'Immortal Avatars' That Will Live Forever (Slashdot) by EditorDavid on social at January 1, 1970, 1:00 am (cached at April 23, 2017, 10:05 pm)

Startup Eternime, founded by MIT fellow Marius Ursache, is still working on "immortal avatars" that, after your death, will continue interacting with your loved ones from beyond the grave. An anonymous reader quotes CNET: Give Eternime access to your social media profiles and the startup's algorithms will scrape your posts and interactions to build a profile... The algorithms will study your memories and mannerisms. They'll learn how to be "you"... Eternime was announced in 2014 after Ursache developed the idea during the MIT Entrepreneurship Development Program. He wasn't entirely sure if he should develop the project further and wanted to get a sense of public reaction. In the first four days, 3,000 people signed up at Eterni.me, the company's website, for a private beta. Then, Ursache received an email from a man dying of terminal cancer. "Eternime, he wrote, was the last chance to leave something behind for friends and family," Ursache told me. "That was the moment I decided that this was something worth dedicating my life to"... Since 2014, the Eternime website has largely been silent, although it continues to take names of people who want to test the service. Ursache says the Eternime team has been refining the product over the last two years, testing features, figuring out what will work and what won't. "The private beta test is ongoing," according to the article, "and Ursache says the feedback has been positive." But unfortunately, the service still isn't operational yet.

Read more of this story at Slashdot.

Lab-Zhinst-0.02-TRIAL (search.cpan.org) by Simon Reinhardt at January 1, 1970, 1:00 am (cached at April 23, 2017, 10:04 pm)

Perl bindings to the LabOne API of Zurich Instruments
Lab-Zhinst-0.03 (search.cpan.org) by Simon Reinhardt at January 1, 1970, 1:00 am (cached at April 23, 2017, 10:03 pm)

Perl bindings to the LabOne API of Zurich Instruments
Mojo-Server-Morbo-Backend-Inotify-0.02 (search.cpan.org) by Marcus Ramberg at January 1, 1970, 1:00 am (cached at April 23, 2017, 10:03 pm)

Sample Morbo Inotify watcher
Mojo-Server-Morbo-Backend-Inotify-0.03 (search.cpan.org) by Marcus Ramberg at January 1, 1970, 1:00 am (cached at April 23, 2017, 10:03 pm)

Sample Morbo Inotify watcher