Date: Thu, 9 Aug 2007 13:58:01 -0400 (EDT)
From: goudatr0n <goudatr0n@...oo.ca>
To: full-disclosure@...ts.grok.org.uk
Subject: [Security Advisory] Backdoor Discovered in Immunity Debugger

Infosec researchers with the Greater Alliance of PHP
Programmers, headed by goudatr0n and in cooperation
with David Marcus, have discovered a backdoor in the
new Immunity Debugger. 

1. PRODUCTS AFFECTED
Immunity Debugger (Immunity Security,
http://www.immunitysec.com/products-immdbg.shtml), All
Versions

2. OVERVIEW
The Immunity Debugger contains a backdoor that emails
session history, running applications and other system
information (location, IP address, machine Owner Name)
to an email address at immunitysec.com.

3. ANALYSIS
Immunity Security provides a lightweight debugger for
Windows, presumably to aid in discovering 0-day
security vulnerabilities. The debugger is distributed
freely on the immunitysec.com website, requiring the user to
register when they download it.

Presumably, this debugger is intended to be used by
people searching for weaknesses in various proprietary
products, due to the unsafe nature of how they are
developed, where the source is not frequently audited. Since
David Aitel is an attention whore who only is rivaled
by Gadi Evron, and his lack of skills is evident,
Immunity Security is only able to reveal 0-days by stealing
them from other hackers attempting to find them.

The backdoor emails detailed system information, along
with detailed debugging session information. In one
such email that was intercepted, it was seen that the
entire session was attached, as well as the Owner Name,
external IP address, a list of running services and
their versions.

4. SOLUTION
Do not trust Immunity Security's debugger. They will
steal your 0-day and parade it around like they are
the ones who discovered it. This will only continue to
feed into David Aitel's massive ego, compensating for his
tiny penis.

BROUGHT TO YOU BY GOUDATR0N AND THE GREATER ALLIANCE
OF PHP PROGRAMMERS
DON'T BE DUMB
BE A SMARTY
COME AND JOIN
THE PISS PARTY

goudatr0n can be found online at irc.perl.org #perl
using the nick TimToady.

