Skip to content

Category: Hackerterrorcybercyber

SHA1 attack on Bittorrent backdoors binaries

BitErrant is an exploit with a logo.

On https://biterrant.io we can find the following:

“Here are two EXE files with different functionality (evil has a meterpreter that will listen on all interfaces), but yielding the same .torrent file.”

That means that it is possible to attack the BitTorrent protocol, when downloading software or content, replacing the actual content with malicious one that may contain exploits.

Warning: Exploit with logo, impact unclear

Leave a Comment

Namespaces, but “uname -r” says 2.6

In this blog post, RedHat explains how they not only fork codebases, but also Version Numbers, making any RedHat install cryptic and hard to compare against upstream codebases and developments.

A simple things such as

rpm --queryformat="%{name}\t%{version}\n" -qa

may allow you to say something about lesser distros, but not RedHat.

From the article:

 rpm -q --changelog openssl | grep -E --color \
"(CVE-2016-2108|CVE-2016-0799|CVE-2016-0705|CVE-2016-6304|CVE-2016-2109|CVE-2016-0798|CVE-2016-2182|CVE-2016-6303|CVE-2014-8176)"
- fix CVE-2016-2182 - possible buffer overflow in BN_bn2dec()
- fix CVE-2016-6304 - unbound memory growth with OCSP status request
- fix CVE-2016-2108 - memory corruption in ASN.1 encoder
- fix CVE-2016-2109 - possible DoS when reading ASN.1 data from BIO
- fix CVE-2016-0799 - memory issues in BIO_printf
- fix CVE-2016-0705 - double-free in DSA private key parsing
- fix CVE-2014-8176 - invalid free in DTLS buffering code

Just say “no” to this mess.

3 Comments

App can’t be opened because the identity of the developer cannot be confirmed

Policy Settings can prevent the execution of unsigned binaries.

MacOS can be set to prevent the execution of unsigned binaries. This is done by pushing a security policy to the system, which is then enforced by the SecAssessment subsystem.

Of course, you can still install XCode and compile binaries locally, and even execute them. You can also code in interpreted languages such as the local Python, and call system functions from there, so the policy is only of very limited use in locking down the system.

9 Comments

Trendmicro vs. Security Researchers: 223 to 0

Thomas Fox-Brewster of Forbes writes on Roberto Suggi Liverani and Steven Seeley, which began researching the security of Trend Micro products last year in late July and have since today 223 weaknesses in 11 producs, 194 of them remotely exploitable.

Turns out that their Data Loss Prevention tool is a lot better at Data Loss than preventing it.

Most shocking for the two reseachers has been that a large number of these finds have been trivial, showing that internal code audits and software engineering practices at Trend Micro are most likely severely underdeveloped or performed only informally.

Full presentation will be at Hack in the Box, in Amsterdam, covering TrendMicro ScanMail for Microsoft Exchange, TrendMicro Smart Protection Center, TrendMicro Data Loss Prevention, TrendMicro Control Manager, TrendMicro InterScan Web Security Virtual Appliance, TrendMicro InterScan Messaging Security Suite, TrendMicro Threat Discovery Appliance, TrendMicro SafeSync, and TrendMicro Mobile Security Enterprise.

 

3 Comments