Werd, give us the details.....or you're full of it :) JS
> -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of nnp > Sent: Thursday, August 09, 2007 11:33 AM > To: goudatr0n > Cc: [email protected] > Subject: Re: [Full-disclosure] [Security Advisory] Backdoor > Discovered inImmunity Debugger > > Code location or it didn't happen. > > On 8/9/07, goudatr0n <[EMAIL PROTECTED]> wrote: > > Infosec researchers with the Greater Alliance of PHP Programmers, > > headed by goudatr0n and in cooperation with David Marcus, have > > discovered a backdoor in the new Immunity Debugger. > > > > 1. PRODUCTS AFFECTED > > Immunity Debugger (Immunity Security, > > http://www.immunitysec.com/products-immdbg.shtml), All Versions > > > > 2. OVERVIEW > > The Immunity Debugger contains a backdoor that emails > session history, > > running applications and other system information (location, IP > > address, machine Owner Name) to an email address at immunitysec.com > > > > 3. ANALYSYS > > Immunity Security provides a lightweight debugger for Windows, > > presumably to aid in discovering 0-day security > vulnerabilities. The > > debugger is distributed freely on the immunitysec.com website, > > requiring the user to register when they download it. > > > > Presumably, this debugger is intended to be used by people > searching > > for weaknesses in various proprietary products, due to the unsafe > > nature of how they are develope d, where the source is not > frequently > > audited. Since David Aitel is an attention whore who only > is rivaled > > by Gadi Evron, and his lack of skills as evident, Immunity > Security is > > only able to reveal 0-days by stealing them from other hackers > > attempting to find them. > > > > The backdoor emails detailed system information, along with > detailed > > debugging session information. In one such email that was > intercepted, > > it was seen that the entir e session was attached, as well as the > > Owner Name, external IP address, a list of running services > and their > > versions. > > > > 4. SOLUTION > > Do not trust Immunity Security's debugger. They will steal > your 0-day > > and parade it around like they are the ones who discovered it. This > > will only continue to feed i nto David Aitel's massive ego, > > compensating for his tiny penis. > > > > BROUGHT TO YOU BY GOUDATR0N AND THE GREATER ALLIANCE OF PHP > > PROGRAMMERS DON'T BE DUMB BE A SMARTY COME AND JOIN THE PISS PARTY > > > > goudatr0n can be found online at irc.perl.org #perl using the nick > > TimToady. > > > > > > Ask a question on any topic and get answers from real > people. Go > > to Yahoo! Answers and share what you know at > > http://ca.answers.yahoo.com > > > > _______________________________________________ > > Full-Disclosure - We believe in it. > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > > Hosted and sponsored by Secunia - http://secunia.com/ > > > > > -- > http://www.smashthestack.org > http://www.mastersofthewang.com > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
