lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 09 Aug 2007 23:50:53 +0200
From: monikerd <monikerd@...il.com>
To: joey.mengele@...hmail.com
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: [Security Advisory] Backdoor Discovered
 in?Immunity Debugger]]

No matter what you say, md5 is still broken.

google it "collision attack"

or better yet, wikipedia it:
MD5CRK ended shortly after 17 August
<http://en.wikipedia.org/wiki/August_17> 2004
<http://en.wikipedia.org/wiki/2004>, when collisions
<http://en.wikipedia.org/wiki/Hash_collision> for the full MD5 were
announced by Xiaoyun Wang <http://en.wikipedia.org/wiki/Xiaoyun_Wang>,
Dengguo Feng, Xuejia Lai <http://en.wikipedia.org/wiki/Xuejia_Lai>, and
Hongbo Yu.^[1] <http://en.wikipedia.org/wiki/Md5#_note-0> ^[2]
<http://en.wikipedia.org/wiki/Md5#_note-1> Their analytical attack was
reported to take only one hour on an IBM p690
<http://en.wikipedia.org/wiki/IBM_p690> cluster."

md5 is broken. That way.

And the way it is broken, is the way he is used it.

If you don't understand how md5 is broken, really you don't need to be
on this list.

Really, if anyones netdev, it's you.

cheers, dimwit. Maybe you guys should follow the trends a bit, rather
than, submit
XSS and sql injections in noname websites.



Joey Mengele wrote:
> What the fuck are you talking about?
>
> More importantly, why so many ellipses? You cannot throw off Doctor 
> Neal's algorithms gobbles. Or should I call you n3td3v? Nice try, 
> troll.
>
> J
>
> On Thu, 09 Aug 2007 16:34:30 -0400 monikerd <monikerd@...il.com> 
> wrote:
>   
>> md5 is broken in a way that you could make 2 .exe's with the same 
>> md5
>> that do different things ...
>>
>> Not that i believe you are data mining, would be quite a feat to 
>> go
>> unnoticed
>> out my network anyway.
>>
>> Thought I'd point that out, so that maybe we could "like" stop 
>> using
>> md5 in situations where its broken. Otherwise we might just as 
>> well
>> stop calling this a security mailing list.
>>
>> If you are saying, the files with these md5 hashes are clean, feel 
>> free to
>> test them. You could still have an evil version that you can start
>> distributing in a while ..
>>
>> Just thought I'd trow this in as to not have wasted another 
>> thread, on
>> this fine mailinglist... Hell it's august afterall. doesn't really 
>> matter
>> that much :)
>>
>> cheers
>>     
>>> Sorry for the delay, I was sorting my database of our users' 
>>>       
>> debugger
>>     
>>> sessions, emails, porn pictures, underwear size, etc.
>>>
>>> NO, THERE IS NO BACKDOOR AT ALL IN IMMUNITY DEBUGGER. We don't 
>>>       
>> get any
>>     
>>> system information or  "debugging sessions" (???) or anything 
>>>       
>> else
>>     
>>> weird like that. Immunity
>>> Debugger does make an HTTP connection to Immunity to look for 
>>>       
>> updates
>>     
>>> much the way Firefox
>>> or any other modern software updates.
>>>
>>> Again, NO, we don't do any data mining.
>>>
>>> In any case, thanks for the free advertisement "goudatr0n".
>>>
>>> If you are still afraid, here is the list of md5 hashes:
>>> 437152d25787a1a06597f387d8f4811f  ImmunityDebugger_setup.exe
>>>
>>> 00ff5ccf4b35fa9117bef2f23e108f61  Bookmark.dll
>>> 20152f8682a9b103ae3e41e1075048a4  Cmdline.dll
>>> 1aa2be74e77da0370986222efd794edd  debugger.pyd
>>> 88d1df93fdb89dfbf5f9dd9b617ef28e  ImmunityDebugger.exe
>>> 10acf61aa4046b1fc8c8e434fbd291d6  ImmunityDebugger.ini
>>> c739f6a204665c05ee75f9b8a4f10d2f  LICENSE.txt
>>> 89d432e3e47cb9546bf4d9a91f6fda79  loaddll.exe
>>> 7d5221499f25014169d555ea428e6053  uninstall.exe
>>> f102ee2438bf9bdf1e6e84627d927909  updater.exe
>>>
>>> Cheers,
>>> Nico
>>>
>>>   
>>> -----------------------------------------------------------------
>>>       
>> -------
>>     
>>> _______________________________________________
>>> Full-Disclosure - We believe in it.
>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>       
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>     
>
> --
> Click for free info on earning your associates degrees.
> http://tagline.hushmail.com/fc/Ioyw6h4dDtIMuvbiyaeDtNgdqGYaQ0BV2Gxp2W4ixrv2p5NMQoeCjI/
>
>
>   

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ