Why Interpol wanted Pacman and the Minister of the Interior of Saxony
Again, false information is disseminated on the Internet using official sources. For this, a copy of the organization’s website is usually created under a similar name. But this time it's a little easier. The hole in the Interpol website allowed it to be used to disseminate incorrect information.
Translator's note: the title of the original article “Why Interpol was looking for the Minister of the Interior of Saxony”, as the source is the Saxon news agency MDR. But Pacman will be more known
On the Interpol page you can see a familiar face - Markus Ulbig, Minister of Foreign Affairs of Saxony. He is wanted, as the official page says.
The Interior Minister of Saxony, on the Interpol page, is wanted for a request to monitor 55,000 mobile phones.
')
A hacker from Saxony, Germany, Matthias Ungethüm, explained that he was checking on the possibility of hacking their websites and servers for businesses. Also, from time to time, he checks without requests, as in this case, checking the Interpol website, the union of police organizations. On the site, he discovered a vulnerability with the help of which it was possible to create fake news. “We don’t even need to fake the page, everything can be done right on the Interopol website”
Matthias Ungetum, hacker and security expert
The way it sounds and is implemented very simply. You only need to lengthen the original link that leads to the main page. This causes the page to display to be changed. This link can be included, for example, in an article on Facebook or in an email message. Ungetum explains “When a mailing message is opened, the text is simply indicated there. When you click on it, a transition to the Interpol page takes place. ”
The advantage of email in this case is that it is possible to hide a long address by replacing it with text. This vulnerability is possible only because the Interpol server does not properly control the links that go to the pages of the website. According to the hacker, “It’s not difficult to filter certain characters. In this case, it would be enough to filter a single character. They just didn't do it. ”
Pacman wanted for illegal neglect of 8-bit environment at "Level 256"
What is this character, Mattias does not tell, so that no one uses this vulnerability, as it allows you to locate anything on the site, up to Trojans. No one expects this, for example, if he wants to watch a video from the Interpol page. “If someone is interested in Interpol, I can send a link to the video from their page. But instead, a “update video player” window appears, when enabled, the virus is loaded. ”
Mattias Ungetum informed Interpol on May 30, 2016 about this problem. But the vulnerability was eliminated only a few hours after the publication of information about it on July 6, 2016.
Vulnerability message sent by Mattias Interpol.
All photos are owned by Michael Voß and the MDR agency.
Translator's note: the title of the original article “Why Interpol was looking for the Minister of the Interior of Saxony”, as the source is the Saxon news agency MDR. But Pacman will be more known
On the Interpol page you can see a familiar face - Markus Ulbig, Minister of Foreign Affairs of Saxony. He is wanted, as the official page says.
The Interior Minister of Saxony, on the Interpol page, is wanted for a request to monitor 55,000 mobile phones.
')
A hacker from Saxony, Germany, Matthias Ungethüm, explained that he was checking on the possibility of hacking their websites and servers for businesses. Also, from time to time, he checks without requests, as in this case, checking the Interpol website, the union of police organizations. On the site, he discovered a vulnerability with the help of which it was possible to create fake news. “We don’t even need to fake the page, everything can be done right on the Interopol website”
Matthias Ungetum, hacker and security expert
Sounds simple - it is simply implemented.
The way it sounds and is implemented very simply. You only need to lengthen the original link that leads to the main page. This causes the page to display to be changed. This link can be included, for example, in an article on Facebook or in an email message. Ungetum explains “When a mailing message is opened, the text is simply indicated there. When you click on it, a transition to the Interpol page takes place. ”
The advantage of email in this case is that it is possible to hide a long address by replacing it with text. This vulnerability is possible only because the Interpol server does not properly control the links that go to the pages of the website. According to the hacker, “It’s not difficult to filter certain characters. In this case, it would be enough to filter a single character. They just didn't do it. ”
Pacman wanted for illegal neglect of 8-bit environment at "Level 256"
Vulnerability was closed only in July
What is this character, Mattias does not tell, so that no one uses this vulnerability, as it allows you to locate anything on the site, up to Trojans. No one expects this, for example, if he wants to watch a video from the Interpol page. “If someone is interested in Interpol, I can send a link to the video from their page. But instead, a “update video player” window appears, when enabled, the virus is loaded. ”
Mattias Ungetum informed Interpol on May 30, 2016 about this problem. But the vulnerability was eliminated only a few hours after the publication of information about it on July 6, 2016.
Vulnerability message sent by Mattias Interpol.
All photos are owned by Michael Voß and the MDR agency.
Source: https://habr.com/ru/post/357140/
All Articles