Message-ID: <45E56955.1090000@ntsecurity.nu>
Date: Wed, 28 Feb 2007 12:36:53 +0100
From: Arne Vidstrom <arne.vidstrom@...ecurity.nu>
To: bugtraq@...urityfocus.com
Subject: Evading the Norman SandBox Analyzer 

Hi all,

Summary:

The Norman SandBox Analyzer (http://sandbox.norman.no/live.html) runs 
malicious code samples in an emulated environment while logging their 
actions. In practice it is more or less impossible to make an emulated 
environment perfectly similar to the real thing. It is therefore 
possible to write malicious code that does not behave maliciously when 
run in the Sandbox Analyzer. Here I will give one example of such a 
technique.

Full text at:

http://www.ntsecurity.nu/onmymind/2007/2007-02-27.html

I have notified Norman about the problem but have chosen not to wait for 
them to patch it. The reason being that this is not a regular 
vulnerability, but rather an example of an inherent weakness in emulated 
sandboxes in general. I assume they will patch this particular case 
shortly though since it should be very easy to do.

Regards /Arne

http://ntsecurity.nu
http://vidstrom.net
