Message-ID: <AANLkTikZOF==8xn8BZzRWgAybK8kQYrxhyN19skatm3z@mail.gmail.com>
Date: Tue, 2 Nov 2010 15:30:15 +0100
From: Christian Sciberras <uuf6429@...il.com>
To: T Biehn <tbiehn@...il.com>
Cc: full-disclosure <full-disclosure@...ts.grok.org.uk>,
	Valdis.Kletnieks@...edu
Subject: Re: Evilgrade 2.0 - the update explotation
 framework is back

Don't troll people, troll!




On Tue, Nov 2, 2010 at 3:09 PM, T Biehn <tbiehn@...il.com> wrote:

> a+ troll.
>
> -Travis
>
>
> On Sun, Oct 31, 2010 at 9:24 AM, Christian Sciberras <uuf6429@...il.com> wrote:
>
>> Only thing, there's the danger of someone using stolen certificates.
>> But I'm sure there's another fix for that.
>>
>> In my opinion, all in all, you're creating yet another overly complex
>> system with as yet more possible flaws.
>> Don't forget that each new line of code is a potential attack vector which
>> affects any system.
>>
>> Just my 2 cents...
>>
>> Chris.
>>
>>
>>
>> On Sun, Oct 31, 2010 at 1:09 PM, Mario Vilas <mvilas@...il.com> wrote:
>>
>>> Just signing the update packages prevents this attack, so it's not that
>>> hard to fix.
>>>
>>> On Sat, Oct 30, 2010 at 5:02 PM, <Valdis.Kletnieks@...edu> wrote:
>>>
>>>> On Sat, 30 Oct 2010 04:43:14 +0800, Jacky Jack said:
>>>> > It's now a time for vendors to re-consider their updating scheme.
>>>>
>>>> And do what differently, exactly?
>>>>
>>>> OK, so it's *possible* to fake out the iTunes update process.  But which is easier and more productive:
>>>>
>>>> A) Laying in wait for some random to think "Wow, I should update iTunes" and hijack the process.
>>>>
>>>> B) Send out a few hundred thousand spam with a 'From:update@...le-itunes-support.com' with a link to a site you control and feed the sheep some malware.
>>>>
>>>> Evilgrade looks like a nice tool to have if you're doing a pen test or a targeted attack and can somehow get the victim to do an update (possibly social engineering), but for any software vendor feeding software updates to Joe Sixpack this threat model is *so* far down the list it isn't funny.  Simply compare the number of boxes pwned by (A) and (B) - how many people have gotten pwned because somebody hijacked their update from Symantec or wherever, compared to the number pwned because they got a popup that said "Your computer is infected, click here to fix it"?
>>>>
>>>> Remember - just because a new tool useful for an attacker shows up, does *not* mean it's a game changer for the industry at large.
>>>>
>>>>
>>>> _______________________________________________
>>>> Full-Disclosure - We believe in it.
>>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>>
>>>
>>>
>>>
>>> --
>>> HONEY: I want to… put some powder on my nose.
>>> GEORGE: Martha, won’t you show her where we keep the euphemism?
>>>
>>>
>>
>>
>>
>
>
>
> --
> FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
> http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
> http://pastebin.com/f6fd606da
>
