A Windows 10 Vulnerability Was Used to Rickroll the NSA and Github

A Windows 10 Vulnerability Was Used to Rickroll the NSA and Github

Less than a day after Microsoft disclosed one of the most critical Windows vulnerabilities ever, a security researcher has demonstrated how attackers can exploit it to cryptographically impersonate any website or server on the internet.



ARS TECHNICA


This story originally appeared on Ars Technica, a trusted source for technology news, tech policy analysis, reviews, and more. Ars is owned by WIRED's parent company, Condé Nast.



Researcher Saleem Rashid on Wednesday tweeted images of the video "Never Gonna Give You Up," by 1980s heartthrob Rick Astley, playing on Github.com and NSA.gov. The digital sleight of hand is known as Rickrolling and is often used as a humorous and benign way to demonstrate serious security flaws. In this case, Rashid's exploit causes both the Edge and Chrome browsers to spoof the HTTPS verified websites of Github and the National Security Agency. Brave and other Chrome derivatives, as well as Internet Explorer, are also likely to fall to the same trick. (There's no indication Firefox is affected.)

Rashid's simulated attack exploits CVE-2020-0601, the critical vulnerability that Microsoft patched on Tuesday after receiving a private tipoff from the NSA. As Ars reported, the flaw can c ..

Support the originator by clicking the read the rest link below.