Date: Thu, 9 Aug 2007 19:33:29 +0100
From: nnp <version5@...il.com>
To: goudatr0n <goudatr0n@...oo.ca>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: [Security Advisory] Backdoor Discovered in
	Immunity Debugger

Code location or it didn't happen.

On 8/9/07, goudatr0n <goudatr0n@...oo.ca> wrote:
> Infosec researchers with the Greater Alliance of PHP
> Programmers, headed by goudatr0n and in cooperation
> with David Marcus, have discovered a backdoor in the
> new Immunity Debugger.
>
> 1. PRODUCTS AFFECTED
> Immunity Debugger (Immunity Security,
> http://www.immunitysec.com/products-immdbg.shtml), All
> Versions
>
> 2. OVERVIEW
> The Immunity Debugger contains a backdoor that emails
> session history, running applications and other system
> information (location, IP address, machine Owner Name)
> to an email address at immunitysec.com
>
> 3. ANALYSIS
> Immunity Security provides a lightweight debugger for
> Windows, presumably to aid in discovering 0-day
> security vulnerabilities. The debugger is distributed
> freely on
> the immunitysec.com website, requiring the user to
> register when they download it.
>
> Presumably, this debugger is intended to be used by
> people searching for weaknesses in various proprietary
> products, due to the unsafe nature of how they are
> developed, where the source is not frequently audited. Since
> David Aitel is an attention whore who only is rivaled
> by Gadi Evron, and his lack of skills as evident,
> Immunity
> Security is only able to reveal 0-days by stealing
> them from other hackers attempting to find them.
>
> The backdoor emails detailed system information, along
> with detailed debugging session information. In one
> such email that was intercepted, it was seen that the
> entire session was attached, as well as the Owner Name,
> external IP address, a list of running services and
> their versions.
>
> 4. SOLUTION
> Do not trust Immunity Security's debugger. They will
> steal your 0-day and parade it around like they are
> the ones who discovered it. This will only continue to
> feed into David Aitel's massive ego, compensating for his
> tiny penis.
>
> BROUGHT TO YOU BY GOUDATR0N AND THE GREATER ALLIANCE
> OF PHP PROGRAMMERS
> DON'T BE DUMB
> BE A SMARTY
> COME AND JOIN
> THE PISS PARTY
>
> goudatr0n can be found online at irc.perl.org #perl
> using the nick TimToady.
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>


-- 
http://www.smashthestack.org
http://www.mastersofthewang.com
