Message-ID: <000001c7dab4$b5e37660$06004d0a@jseitz>
Date: Thu, 9 Aug 2007 11:40:07 -0700
From: "J. M. Seitz" <jms@...hunter.ca>
To: "'nnp'" <version5@...il.com>, "'goudatr0n'" <goudatr0n@...oo.ca>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: [Security Advisory] Backdoor Discovered in Immunity Debugger

Werd, give us the details.....or you're full of it :)

JS 

> -----Original Message-----
> From: full-disclosure-bounces@...ts.grok.org.uk 
> [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of nnp
> Sent: Thursday, August 09, 2007 11:33 AM
> To: goudatr0n
> Cc: full-disclosure@...ts.grok.org.uk
> Subject: Re: [Full-disclosure] [Security Advisory] Backdoor
> Discovered in Immunity Debugger
> 
> Code location or it didn't happen.
> 
> On 8/9/07, goudatr0n <goudatr0n@...oo.ca> wrote:
> > Infosec researchers with the Greater Alliance of PHP Programmers, 
> > headed by goudatr0n and in cooperation with David Marcus, have 
> > discovered a backdoor in the new Immunity Debugger.
> >
> > 1. PRODUCTS AFFECTED
> > Immunity Debugger (Immunity Security,
> > http://www.immunitysec.com/products-immdbg.shtml), All Versions
> >
> > 2. OVERVIEW
> > The Immunity Debugger contains a backdoor that emails session history,
> > running applications and other system information (location, IP
> > address, machine Owner Name) to an email address at immunitysec.com
> >
> > 3. ANALYSIS
> > Immunity Security provides a lightweight debugger for Windows,
> > presumably to aid in discovering 0-day security vulnerabilities. The
> > debugger is distributed freely on the immunitysec.com website,
> > requiring the user to register when they download it.
> >
> > Presumably, this debugger is intended to be used by people searching
> > for weaknesses in various proprietary products, due to the unsafe
> > nature of how they are developed, where the source is not frequently
> > audited. Since David Aitel is an attention whore who only is rivaled
> > by Gadi Evron, and his lack of skills as evident, Immunity Security is
> > only able to reveal 0-days by stealing them from other hackers
> > attempting to find them.
> >
> > The backdoor emails detailed system information, along with detailed
> > debugging session information. In one such email that was intercepted,
> > it was seen that the entire session was attached, as well as the
> > Owner Name, external IP address, a list of running services and their
> > versions.
> >
> > 4. SOLUTION
> > Do not trust Immunity Security's debugger. They will steal your 0-day
> > and parade it around like they are the ones who discovered it. This
> > will only continue to feed into David Aitel's massive ego,
> > compensating for his tiny penis.
> >
> > BROUGHT TO YOU BY GOUDATR0N AND THE GREATER ALLIANCE OF PHP 
> > PROGRAMMERS DON'T BE DUMB BE A SMARTY COME AND JOIN THE PISS PARTY
> >
> > goudatr0n can be found online at irc.perl.org #perl using the nick 
> > TimToady.
> >
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
> 
> 
> --
> http://www.smashthestack.org
> http://www.mastersofthewang.com