Full Disclosure mailing list archives

Re: [Security Advisory] Backdoor Discovered in Immunity Debugger


From: "J. M. Seitz" <jms () bughunter ca>
Date: Thu, 9 Aug 2007 11:40:07 -0700

Werd, give us the details.....or you're full of it :)

JS 

-----Original Message-----
From: full-disclosure-bounces () lists grok org uk 
[mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of nnp
Sent: Thursday, August 09, 2007 11:33 AM
To: goudatr0n
Cc: full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] [Security Advisory] Backdoor Discovered in Immunity Debugger

Code location or it didn't happen.

On 8/9/07, goudatr0n <goudatr0n () yahoo ca> wrote:
Infosec researchers with the Greater Alliance of PHP Programmers, 
headed by goudatr0n and in cooperation with David Marcus, have 
discovered a backdoor in the new Immunity Debugger.

1. PRODUCTS AFFECTED
Immunity Debugger (Immunity Security,
http://www.immunitysec.com/products-immdbg.shtml), All Versions

2. OVERVIEW
The Immunity Debugger contains a backdoor that emails session history,
running applications and other system information (location, IP
address, machine Owner Name) to an email address at immunitysec.com

3. ANALYSIS
Immunity Security provides a lightweight debugger for Windows,
presumably to aid in discovering 0-day security vulnerabilities. The
debugger is distributed freely on the immunitysec.com website,
requiring the user to register when they download it.

Presumably, this debugger is intended to be used by people searching
for weaknesses in various proprietary products, due to the unsafe
nature of how they are developed, where the source is not frequently
audited. Since David Aitel is an attention whore who only is rivaled
by Gadi Evron, and his lack of skills as evident, Immunity Security is
only able to reveal 0-days by stealing them from other hackers
attempting to find them.

The backdoor emails detailed system information, along with detailed
debugging session information. In one such email that was intercepted,
it was seen that the entire session was attached, as well as the
Owner Name, external IP address, a list of running services and their
versions.

4. SOLUTION
Do not trust Immunity Security's debugger. They will steal your 0-day
and parade it around like they are the ones who discovered it. This
will only continue to feed into David Aitel's massive ego,
compensating for his tiny penis.

BROUGHT TO YOU BY GOUDATR0N AND THE GREATER ALLIANCE OF PHP 
PROGRAMMERS DON'T BE DUMB BE A SMARTY COME AND JOIN THE PISS PARTY

goudatr0n can be found online at irc.perl.org #perl using the nick 
TimToady.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



--
http://www.smashthestack.org
http://www.mastersofthewang.com
