Full Disclosure: Re: [Security Advisory] Backdoor Discovered inImmunity Debugger

["J. M. Seitz" <jms () bughunter ca>]

Werd, give us the details.....or you're full of it :)

JS 

> -----Original Message-----
> From: full-disclosure-bounces () lists grok org uk 
> [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of nnp
> Sent: Thursday, August 09, 2007 11:33 AM
> To: goudatr0n
> Cc: full-disclosure () lists grok org uk
> Subject: Re: [Full-disclosure] [Security Advisory] Backdoor 
> Discovered inImmunity Debugger
>
> Code location or it didn't happen.
>
> On 8/9/07, goudatr0n <goudatr0n () yahoo ca> wrote:
> > Infosec researchers with the Greater Alliance of PHP Programmers, 
> > headed by goudatr0n and in cooperation with David Marcus, have 
> > discovered a backdoor in the new Immunity Debugger.
> >
> > 1. PRODUCTS AFFECTED
> > Immunity Debugger (Immunity Security,
> > http://www.immunitysec.com/products-immdbg.shtml), All Versions
> >
> > 2. OVERVIEW
> > The Immunity Debugger contains a backdoor that emails 
> session history, 
> > running applications and other system information (location, IP 
> > address, machine Owner Name) to  an email address at immunitysec.com
> >
> > 3. ANALYSYS
> > Immunity Security provides a lightweight debugger for Windows, 
> > presumably to aid in discovering 0-day security 
> vulnerabilities. The 
> > debugger is distributed freely on the immunitysec.com website, 
> > requiring the user to register when they download it.
> >
> > Presumably, this debugger is intended to be used by people 
> searching 
> > for weaknesses in various proprietary products, due to the unsafe 
> > nature of how they are develope d, where the source is not 
> frequently 
> > audited. Since David Aitel is an attention whore who only 
> is rivaled 
> > by Gadi Evron, and his lack of skills as evident, Immunity 
> Security is 
> > only able to reveal 0-days by stealing them from other hackers 
> > attempting to find them.
> >
> > The backdoor emails detailed system information, along with 
> detailed 
> > debugging session information. In one such email that was 
> intercepted, 
> > it was seen that the entir e session was attached, as well as the 
> > Owner Name, external IP address, a list of running services 
> and their 
> > versions.
> >
> > 4. SOLUTION
> > Do not trust Immunity Security's debugger. They will steal 
> your 0-day 
> > and parade it around like they are the ones who discovered it. This 
> > will only continue to feed i nto David Aitel's massive ego, 
> > compensating for his tiny penis.
> >
> > BROUGHT TO YOU BY GOUDATR0N AND THE GREATER ALLIANCE OF PHP 
> > PROGRAMMERS DON'T BE DUMB BE A SMARTY COME AND JOIN THE PISS PARTY
> >
> > goudatr0n can be found online at irc.perl.org #perl using the nick 
> > TimToady.
> >
> >
> >       Ask a question on any topic and get answers from real 
> people. Go 
> > to Yahoo! Answers and share what you know at 
> > http://ca.answers.yahoo.com
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
>
> --
> http://www.smashthestack.org
> http://www.mastersofthewang.com
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/