Hacker uses NSA-reported Windows 10 vulnerability to troll NSA

On Tuesday, Microsoft released an urgent update addressing a critical Windows 10 vulnerability discovered by the US National Security Agency (NSA). The vulnerability (CVE-2020-0601) lies in how security certificates are validated, and it can cause browsers to display malicious websites as secure and encrypted.

To demonstrate how this vulnerability can be exploited, security researcher Saleem Rashid decided to play with the NSA itself. He shared an image of his attack technique on Twitter showing how he was able to exploit the vulnerability.

The images also show how users, when accessing nsa.gov, are directed to a video of singer Rick Astley singing his popular 80’s hit song “Never Gonna Give You Up.” The action is known on the internet as “Rickrolling”, commonly used as a prank. Rashid did the same with the GitHub website, a platform popular among software developers.

NSA’s website (left), GitHub (right)

Upon learning of the flaw, Rashid devised a technique that works against both Chrome and Edge browsers. Contacting the Ars Technica website, he explained that it only required 100 lines of code to build his tool, but could do so with on ..