Trump Pardons Google Trade Secret Thief

A former executive of Google subsidiary Waymo, imprisoned in the United States for stealing a trade secret and sharing it with rival company Uber, has been pardoned by outgoing president Donald Trump.



On March 19, 2020, Anthony Scott Levandowski pleaded guilty to one of 33 counts of trade secrets theft originally filed against him in 2019. The 40-year-old was sentenced to 18 months in jail and a 3-year period of supervised release by US District Judge William Alsup on August 4, 2020.



As per his plea agreement, Levandowski admitted that from 2009 to 2016 he worked in Google’s self-driving car program, known then as Project Chauffeur, which had a confidentiality requirement.



Levandowski left the Google subsidiary to found his own business, Ottomotto, an autonomous driving hardware and software developer that was acquired by Uber Technologies in 2016 for $680m. 



As part of his plea agreement, the entrepreneur admitted downloading thousands of Project Chauffeur files onto his personal laptop prior to leaving Waymo. He also admitted downloading a variety of files from a corporate Google Drive repository.



Among these files was an internal tracking document entitled “Chauffeur TL weekly updates – Q4 2015” that contained confidential details regarding the status of Project Chauffeur. Levandowski admitted that he downloaded this file with the intent to use it to benefit himself and Uber Technologies, Inc.



Levandowski further admitted that the stolen document was Google’s trade secret, and that stealing it caused the company to lose an estimated $1,500,000.



In addition to the custodial sentence, Judge Alsup ordered former exec Levandowski to pay a $95,000 fine and $756,499.22 in restitution to Waymo LLC, as Google’s self-driving program is now known. 



Yesterday, Levandowski was one of 73 convicted criminals who were pardoned by President Trump on his final day in office. 



In pardoning Levandowski, Trump wrote: “Mr. Levandowski pled guilty to a single criminal count arising from civil litigation. Notably, his sentencing judge called him a ‘brilliant, groundbreaking engineer that our country needs.’ 



“Mr. Levandowski has paid a significant price for his actions and plans to devote his talents to advance the public good.”


Source: Infosecurity

CVE-2021-21269

Keymaker is a Mastodon Community Finder based Matrix Community serverlist page Server. In Keymaker before version 0.2.0, the assets endpoint did not check for the extension. The Rust `join` method, called without checking user input, might have made a path traversal attack possible, allowing more files to be read than allowed. This is fixed in version 0.2.0.
Source: NIST

CVE-2020-28452

This affects the package com.softwaremill.akka-http-session:core_2.12 from 0 and before 0.6.1; all versions of package com.softwaremill.akka-http-session:core_2.11; the package com.softwaremill.akka-http-session:core_2.13 from 0 and before 0.6.1. CSRF protection can be bypassed by forging a request that contains the same value for both the X-XSRF-TOKEN header and the XSRF-TOKEN cookie value, as the check in randomTokenCsrfProtection only checks that the two values are equal and non-empty.
Source: NIST

CVE-2020-28483

This affects all versions of package github.com/gin-gonic/gin. When gin is exposed directly to the internet, a client’s IP can be spoofed by setting the X-Forwarded-For header.
Source: NIST

US Marines Create "Blue Team"

The United States Marine Corps today announced the creation of a Marine Corps’ Adversarial Cyber Assessment “Blue Team” (MCAT).



A Blue Team is a group of people who identify security threats and risks in the operating environment and analyze the network environment and its current state of security readiness. 



Using their findings and expertise, a Blue Team will typically provide recommendations that integrate into an overall community security solution to increase a customer’s cybersecurity readiness posture.



MCAT was established by Marine Corps Tactical Systems Support Activity (MCTSSA) and comprises eight to ten people from a variety of backgrounds, including cybersecurity, computer engineering, and information technology.



In a memo authorizing the new adversarial Blue Team designation, Commander of Marine Corps Forces Cyberspace Command Maj. Gen. M.G. Glavy said that the newly formed Blue Team will support Marine Corps Systems Command’s (MCSC’s) Programs of Record (PoRs), which enhances acquisitions’ cyber testing and evaluation capabilities.



The new team is authorized to perform evaluator, tester, and aggressor roles in accordance with the Mission Focused Cyber Hardening memo released in October 2019 by the Office of the Under Secretary of Defense Acquisition and Sustainment.



“This capability strengthens our acquisition cyber footprint while also enhancing our Corps’ operational cyber resiliency,” said MCTSSA commanding officer Lt. Col. Michael Liguori.



“The cyber ‘Blue Team’ is another example of MCTSSA’s dedication to support MCSC and our Corps’ cyber efforts in contested environments.”



MCAT will assess the security and defense of MCSC and Program Executive Officer Land Systems PoRs for systems in the field and for those that are still in the developmental test phase. 



“I would agree that having the first cyber ‘Blue Team’ designation for the Marine Corps is an important step and I’m proud to be a plank owner,” said Gunnery Sgt. Patrick McKelvey, staff non-commissioned officer in charge of the Test and Certification Division.



“It also enables MCTSSA to potentially increase manning for Defensive and Offensive Cyberspace Operators, those with the 17XX military occupational specialty, to support the mission.”


Source: Infosecurity

CVE-2020-25686

A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw allows an off-path attacker on the network to substantially reduce the number of attempts that it would have to perform to forge a reply and have it accepted by dnsmasq. This issue is mentioned in the “Birthday Attacks” section of RFC5452. If chained with CVE-2020-25684, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.
Source: NIST

CVE-2020-25687

A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. This flaw allows a remote attacker, who can create valid DNS replies, to cause an overflow in heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in sort_rrset() and cause a crash in dnsmasq, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
Source: NIST

CVE-2020-25681

A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with DNSSEC data. An attacker on the network, who can forge DNS replies such that they are accepted as valid, could use this flaw to cause a buffer overflow with arbitrary data in a heap memory segment, possibly executing code on the machine. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Source: NIST

CVE-2020-25682

A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerability was discovered in the way dnsmasq extracts names from DNS packets before validating them with DNSSEC data. An attacker on the network, who can create valid DNS replies, could use this flaw to cause an overflow with arbitrary data in heap-allocated memory, possibly executing code on the machine. The flaw is in the rfc1035.c:extract_name() function, which writes data to the memory pointed to by name, assuming MAXDNAME*2 bytes are available in the buffer. However, in some code execution paths, it is possible that extract_name() gets passed an offset from the base buffer, thus reducing, in practice, the number of available bytes that can be written in the buffer. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Source: NIST

CVE-2020-25685

A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq determines in forward.c:reply_query() which forwarded query matches the reply by using only a weak hash of the query name. Because of the weak hash (CRC32 when dnsmasq is compiled without DNSSEC, SHA-1 when it is), this flaw allows an off-path attacker to find several different domains all having the same hash, substantially reducing the number of attempts they would have to perform to forge a reply and get it accepted by dnsmasq. This is in contrast with RFC5452, which specifies that the query name is one of the attributes of a query that must be used to match a reply. This flaw could be abused to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25684, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.
Source: NIST