The Sizzle

Issue 387 - Monday, 8th May 2017

Flying back to Melbourne today, so this is the last lightweight Sizzle - normal service resumes tomorrow.


French Presidential candidate Macron had his emails hacked into
The Russians are at it again - French presidential candidate Macron (the one that isn't a Nazi) has had 9GB of emails chucked on Pastebin by someone calling themselves EMLEAKS. Which I guess isn't much of a surprise, as email is weak as piss to get into. Macron's campaign team complained of many hack attempts prior to this email dump and they were fully aware something like this could happen - but that didn't stop the pesky Russians, who officially say they had no involvement. The French have a 24-hour media election coverage blackout prior to polls opening, so this won't be covered by French media beyond the fact a hack occurred, neutering the impact of the released emails. Not that anything particularly incriminating has been found.

Intel's AMT remote admin hardware can be owned remotely
Intel's Active Management Technology (AMT) feature is a way for people looking after large fleets of laptops and desktops to do a whole bunch of system admin things like re-image/re-install an OS, access the BIOS, view diagnostic info and more, even when the computer is sleeping or "off". Handy stuff, but unfortunately, there's a pretty serious bug in it that has been sitting there for years, where someone can get access to the AMT just by accessing ports 16992 and 16993. Those ports should be firewalled anyways, but still - a hacker can get god mode to your computer relatively trivially if it has the AMT hardware installed. Intel will release a fix to OEMs that'll be available to the public later this week. Have fun patching this all you desktop support people, I don't think it can be automated, heh.

Video encoding app Handbrake came with sideloaded malware
To complete the "computers are shit" trifecta, popular Mac video encoding app Handbrake has been infected with a variant of the nasty Proton malware. Between the 2nd and 6th of May, the DMG available from the official Handbrake website was compromised. Ways to check if you're infected with this malware are up on the Handbrake forums. It looks like one of the servers hosting the Handbrake DMG was hacked and the DMG replaced with one that has shitty malware stuck on the side. Here's a detailed analysis of the Proton malware Handbrake was infected with. It's got a keylogger, SSH access, webcam access, can upload and download files - you name it, Proton can do it.


Ultrasound cross-device tracking is the ad-tech industry's latest way to track us
I'd never heard (ha) of ultrasound cross-device tracking (uXDT) before, but now that I know it exists, I hate the ad tech industry just a little more. uXDT is basically a tone that plays in a TV, radio, or online advertisement that can be heard by smartphones, but not by humans. Some Android apps are constantly listening for this tone so that they can detect your smartphone's profile (which is generally pretty unique) and link it back to your overall online identity via Facebook or other ad networks (which you've accessed via the same device), so advertisers can get a better idea of who's watching their ads. Brunswick Technical University in Germany has found 234 apps that do this listening and even a few physical stores in the EU that blast ultrasonic noise so that they can tell when you enter the shop with your smartphone.

Here endeth the sizzle (until tomorrow!)

The Sizzle is curated by Anthony "@decryption" Agius and emailed every weekday afternoon.