[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <46BB7A56.40909@gmail.com>
Date: Thu, 09 Aug 2007 22:34:30 +0200
From: monikerd <monikerd@...il.com>
To: Nicolas Waisman <nicolas.waisman@...unityinc.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: [Security Advisory] Backdoor
Discovered in?Immunity Debugger]]
md5 is broken in a way that you could make 2 .exe's with the same md5
that do different things ...
Not that i believe you are data mining, would be quite a feat to go
unnoticed
out my network anyway.
Thought I'd point that out, so that maybe we could "like" stop using
md5 in situations where its broken. Otherwise we might just as well
stop calling this a security mailing list.
If you are saying, the files with these md5 hashes are clean, feel free to
test them. You could still have an evil version that you can start
distributing in a while ..
Just thought I'd trow this in as to not have wasted another thread, on
this fine mailinglist... Hell it's august afterall. doesn't really matter
that much :)
cheers
> Sorry for the delay, I was sorting my database of our users' debugger
> sessions, emails, porn pictures, underwear size, etc.
>
> NO, THERE IS NO BACKDOOR AT ALL IN IMMUNITY DEBUGGER. We don't get any
> system information or "debugging sessions" (???) or anything else
> weird like that. Immunity
> Debugger does make an HTTP connection to Immunity to look for updates
> much the way Firefox
> or any other modern software updates.
>
> Again, NO, we don't do any data mining.
>
> In any case, thanks for the free advertisement "goudatr0n".
>
> If you are still afraid, here is the list of md5 hashes:
> 437152d25787a1a06597f387d8f4811f ImmunityDebugger_setup.exe
>
> 00ff5ccf4b35fa9117bef2f23e108f61 Bookmark.dll
> 20152f8682a9b103ae3e41e1075048a4 Cmdline.dll
> 1aa2be74e77da0370986222efd794edd debugger.pyd
> 88d1df93fdb89dfbf5f9dd9b617ef28e ImmunityDebugger.exe
> 10acf61aa4046b1fc8c8e434fbd291d6 ImmunityDebugger.ini
> c739f6a204665c05ee75f9b8a4f10d2f LICENSE.txt
> 89d432e3e47cb9546bf4d9a91f6fda79 loaddll.exe
> 7d5221499f25014169d555ea428e6053 uninstall.exe
> f102ee2438bf9bdf1e6e84627d927909 updater.exe
>
> Cheers,
> Nico
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists