Search This Blog

Showing posts with label uber. Show all posts

Flaw in Palo Alto VPN Solution Puts Uber and Other Enterprises at Risk




A critical vulnerability has been discovered in Palo Alto GlobalProtect SSL VPN software, the bug, somewhat unusual and is apparently said to be utilized by big enterprise companies over the globe, including the 'ride-hailing platform' Uber.

Used to make secure channels and Virtual Private Network (VPN) tunnels for remote workers - however was discreetly existing in more established adaptations i.e. the older adaptations, the bug has been fixed with the release of recent solutions.

Researchers depict the bug as format string vulnerability in the PAN SSL Gateway, which handles clients/server SSL handshakes.

The issue lies in how the gateway handles specific value parameters without legitimate sanitization, and an attacker sending a 'crafted request' to a vulnerable SSL VPN target is sufficient to trigger an exploit easily.

As per Palo Alto's security advisory, ‘the remote code execution flaw, tracked as CVE-2019-1579, is present in GlobalProtect portal and GlobalProtect Gateway products…’
The vulnerability in old renditions of the product was first discovered and revealed by Devcore researchers Orange Tsai and Meh Chang in a blog entry just a week ago, a further examination found that there was no assigned CVE.

The "silent fix" RCE was not replicable on the most recent rendition of GlobalProtect, regardless of the success with the older variations.

After investigation and exploring a bit the researchers revealed just about 22 Uber-owned servers utilizing a vulnerable version of GlobalProtect.

Nevertheless Uber tackled the issue as soon as it was made aware of it and further clarified that, “Palo Alto SSL VPN was not the primary VPN in use by the majority of staff members, and the software was hosted in AWS rather than embedded within core infrastructure and so the potential impacted was deemed ‘low’...”
A partial proof-of-concept (PoC) has likewise been released after the discoveries provoked Palo Alto to publish a warning and the vulnerability's CVE was then assigned.

Indeed, even after Uber's potential exposure may have been low as the older software was facilitated in AWS, yet that does not mean other enterprises and companies may not be vulnerable. It is therefore, prescribed that users update to a much recent version as fast as they could given the circumstances.

Uber Working with AI to Determine the Probability of Drunken Passengers



Recently according to CNN, the Uber Innovation Inc. documented a patent for a machine learning application that could precisely foresee a user's condition of sobriety and caution the driver with this information. Because apparently Uber is taking a shot at innovating a technology that could decide exactly just how drunken passengers are when requesting for a ride.

The patent application depicts artificial intelligence that figures out how passengers commonly utilize the Uber application, so it can better spot uncommon behaviour in light of the fact that, various Uber drivers have been physically assaulted by passengers as of late, a significant number of whom were inebriated.

The application's algorithms measure various factors that indicate that the passengers are most likely inebriated it incorporates typos, walking speed, how correctly the passengers press in-app buttons, and the amount of time it takes to arrange a ride. Somebody messing up most words, swaying side-to-side and taking at most 15 minutes to arrange for a ride late on Saturdays.

Uber's patent says that it could, possibly, utilize the innovation to deny rides to users in light of their current state, or maybe coordinate them with different drivers with pertinent abilities and training.

The application is said to likewise increase the wellbeing for both the rider as well as the driver.

As per an ongoing CNN investigation, no less than 103 Uber drivers have been blamed for sexually assaulting or abusing passengers in just the previous four years. Now, while the application won't stop the ruthless idea of a few people, it can definitely help in accurately recognizing disabled people so they can be placed with trusted drivers or those with experience in commuting inebriated passengers.

Uber Charges Rider C$18.5K for 20-minute Trip

We’re all familiar with surge pricing and paying high amounts of money for small distances to corporations like Uber or Ola, but last Friday, a man in Canada was charged about C$18,500 for a 5.6-kilometre trip.

That’s about 14,500 in US Dollars, or 9.3 lakhs in Indian Rupees. Hisham Salama, the rider in question, took to Instagram to share this story. His friend also posted a screenshot on Twitter:


Uber looked ready to shift all the blame on the customer, as proven by a screenshot of the conversation between Hisham and the company.


Finally, it seems the uproar on social media caught their attention and they apologized as well as refunded the money back to Hisham. According to his tweet, they will be setting up a meeting with a representative and solve the problem.


Uber later defended itself saying that the huge charge was an “error” and has been resolved, adding that they have refunded the money and apologized for the experience.

A spokesperson from the company, in a statement to Slate, said, “We have safeguards in place to help prevent something like this from happening, and we are working to understand how this occurred.”

Uber further went on to put the blame on the driver, saying that his cab was a traditional cab with a meter and the driver had made a mistake while putting in the fare details into it, and that the error was not a technical glitch.


(Currency figures are 1 CAD = 0.78 USD and 50.24 INR)