Code location or it didn't happen. On 8/9/07, goudatr0n <[EMAIL PROTECTED]> wrote: > Infosec researchers with the Greater Alliance of PHP > Programmers, headed by goudatr0n and in cooperation > with David Marcus, have discovered a backdoor in the > new Immunity Debugger. > > 1. PRODUCTS AFFECTED > Immunity Debugger (Immunity Security, > http://www.immunitysec.com/products-immdbg.shtml), All > Versions > > 2. OVERVIEW > The Immunity Debugger contains a backdoor that emails > session history, running applications and other system > information (location, IP address, machine Owner Name) > to > an email address at immunitysec.com > > 3. ANALYSYS > Immunity Security provides a lightweight debugger for > Windows, presumably to aid in discovering 0-day > security vulnerabilities. The debugger is distributed > freely on > the immunitysec.com website, requiring the user to > register when they download it. > > Presumably, this debugger is intended to be used by > people searching for weaknesses in various proprietary > products, due to the unsafe nature of how they are > develope > d, where the source is not frequently audited. Since > David Aitel is an attention whore who only is rivaled > by Gadi Evron, and his lack of skills as evident, > Immunity > Security is only able to reveal 0-days by stealing > them from other hackers attempting to find them. > > The backdoor emails detailed system information, along > with detailed debugging session information. In one > such email that was intercepted, it was seen that the > entir > e session was attached, as well as the Owner Name, > external IP address, a list of running services and > their versions. > > 4. SOLUTION > Do not trust Immunity Security's debugger. They will > steal your 0-day and parade it around like they are > the ones who discovered it. This will only continue to > feed i > nto David Aitel's massive ego, compensating for his > tiny penis. > > BROUGHT TO YOU BY GOUDATR0N AND THE GREATER ALLIANCE > OF PHP PROGRAMMERS > DON'T BE DUMB > BE A SMARTY > COME AND JOIN > THE PISS PARTY > > goudatr0n can be found online at irc.perl.org #perl > using the nick TimToady. > > > Ask a question on any topic and get answers from real people. Go to > Yahoo! Answers and share what you know at http://ca.answers.yahoo.com > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
-- http://www.smashthestack.org http://www.mastersofthewang.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
