First things first: The Hacking Team, an Italian spyware company, got hacked a few days ago. Talk about irony, right? About 400 GB of their confidential data has been leaked online for the whole world to see. One of the many things that were revealed was that the company was working with companies and governments with which it previously denied doing so. Just to mention a few: Kazakhstan, Uzbekistan, Saudi Arabia, United Arad Emirates, Russia, etc. Many of these countries have been criticized for their aggressive methods of citizen surveillance, both on the inside and on the outside of their borders. They also have had or currently have contracts with the DEA, the US Army and the FBI. And it doesn’t stop here. Their e-mails revealed deals with even more human rights offenders like Bangladesh’s Rapid Action Battalion (RAB – an anti-terrorism unit known for torturing and killing inmates) and with Sudan. So The Hacking Team doesn’t care about to whom it sells its cyberweapons, as long as the cash flows in.
And now for the part that concerns you the most: thanks to the hacker team that hacked The Hacking Team (nice little word-play there), we now know that there is a huge number of exploits on the Internet to which each and every one of us is vulnerable.
One of them is what is called a “zero-day vulnerability” for Adobe’s Flash. A zero-day vulnerability is pretty much an exploitable bug that hackers can use for many different purposes, and about which the software’s manufacturers (Adobe, in this case) are unaware of until it’s way too late.
Symantec, a US-based IT company had this to say, according to Gizmodo: “Given the source of the proof-of-concept code, it is possible that this vulnerability has already been exploited in the wild. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected computer.” The Hacking Team called it “the most beautiful Flash bug for the last four years”. And it can be used for any version above and including Flash 9. The worst part is that the exploit can be easily delivered through your web-browser. Internet Explorer is one of the most vulnerable browsers at the moment (who would have thought?).
Adobe has yet to release a fix for the bug, so for the time being, it is advised not to browse websites you are unfamiliar with, and, if possible, disable Flash and stick to HTML5.
Sursa foto: kinja-img.com