Topic: Tech News Weekly: Edition 3-10
Ehtyar
« on: January 24, 2010, 04:50:34 AM »

The Weekly Tech News
Hi all.
It's BAAAAACK!! Hope you enjoy
The last Tech News was posted a month and a half ago. You can find it here.


1. Judge Slashes "monstrous" P2P Award by 97% to $54,000

2. Tor Software Updated After Hackers Crack Into Systems

3. Bumps ahead as Vimeo, YouTube respond to HTML5 video demand

4. Analysis of 32 Million Breached Passwords

5. Wrists Playing Up? You're Shagging Too Much

6. Virgin Trials P2P Deep Packet Snooping

7. Google Hack Attack Was Ultra Sophisticated, New Details Show

8. NASA Extends the World Wide Web Out Into Space

9. No One Gives A Crap How Many Pigs You Have, Jerk!


Ehtyar.

mouser
« Reply #1 on: January 24, 2010, 05:32:08 AM »

Tech News Weekly is back!

lanux128
« Reply #2 on: January 24, 2010, 07:05:24 AM »

hey, welcome back!

Ehtyar
« Reply #3 on: January 24, 2010, 01:22:14 PM »

Thanks guys

Ehtyar.

4wd
« Reply #4 on: January 24, 2010, 03:45:12 PM »

@5: Damn!  And I thought it was me playing too much FPS!

Guess I'll have to start saying, "Sorry love, tonight's Team Deathmatch."

@8: UhOh!  Closed environment + too much pr0n = Deliverance!

« Last Edit: January 24, 2010, 03:49:10 PM by 4wd »

I do not need to control my anger ... people just need to stop pissing me off!

Ehtyar
« Reply #5 on: January 24, 2010, 03:53:40 PM »

@4wd R.O.F.L!!!

Ehtyar.

f0dder
« Reply #6 on: January 24, 2010, 07:44:06 PM »

Was the recent NTVDM local privilege escalation exploit used in the google attack?

That's a very interesting exploit, compared to your usual double-free/buffer-overrun/blablabla exploits, for a lot of reasons. Too bad MS didn't fix it long ago, they've been informed about it for a while. Also, while NTVDM is a very old component and you'd thus reason that "it's OK they haven't spent a lot of effort auditing NTVDM since it's a frozen target and unlikely to be exploited", there have been at least two privilege escalation attacks on NTVDM in the past...

- carpe noctem

Ehtyar
« Reply #7 on: January 24, 2010, 07:56:35 PM »

The Google attack (and the rest of them) was the IE RCE (high reliability for IE6/XP only...makes you wonder).

I don't believe the NTVDM has been exploited in the wild yet (at least not to great effect). I'm not terribly excited about it TBH; if/when someone finds a creative way of *using* it, it might get interesting.

Ehtyar.

f0dder
« Reply #8 on: January 24, 2010, 08:04:30 PM »

> The Google attack (and the rest of them) was the IE RCE (high reliability for IE6/XP only...makes you wonder).

Yes, that's apparently how they got into the systems - I'm wondering if they used NTVDM to go LUA->Admin.

> I don't believe the NTVDM has been exploited in the wild yet (at least not to great effect). I'm not terribly excited about it TBH; if/when someone finds a creative way of *using* it, it might get interesting.

Perhaps not used, but it's still one of the more interesting exploits for quite a while, even though it's "just" privilege escalation and not remote. Why? Partly because it's in such an unlikely target... and very much so because it affects all 32bit NT versions. Want root? got root! (Oh, and it's not just LUA->Admin... it's full kernel-mode privileges without loading a .sys).

Ehtyar
« Reply #9 on: January 24, 2010, 08:43:07 PM »

AFAIK the NTVDM vuln was not used at all in the China hack.

I know why you found the NTVDM vuln interesting, I just don't particularly agree. I'd find it more interesting if they found something that impressive in a moving target, or something more readily exploitable. This was like taking candy from a baby.

Ehtyar.

f0dder
« Reply #10 on: January 24, 2010, 08:59:21 PM »

> This was like taking candy from a baby.

Not exactly - finding an exploit like that requires a fairly decent understanding of not only Windows internals, but also above-average knowledge of CPU detail (and that's above-average for assembly programmers, mind you). There are automated tools that can find "areas of interest" for a number of exploit types, which can then be further analyzed by a security researcher (or malware writer) - this NTVDM exploit is something extraordinaire.

And while it might not be in the wild yet, you can be pretty sure it's already added to blackhat toolset, and will be added to drive-by rootkits any time now - with good reason. It's even worse than the linux kernel 2.4->2.6 privilege escalation exploit (which was bad enough - iirc that was around 8 years of kernel revisions, and multiple architectures).

Privilege escalation might not be as sexy as remote holes, but it's a dangerous addition once a hole is found... and when you get not only admin but can go kernel-mode "silently", and it can target such a large installation base - ouch!

Ehtyar
« Reply #11 on: January 24, 2010, 09:06:13 PM »

And when it's successfully exploited on such a grand scale, I'll be impressed. Until then, it's stationary target practice.

Ehtyar.

SKA
« Reply #12 on: January 24, 2010, 10:20:01 PM »

Possibly OT, but Google says attack came in thru its corporate VPN:
http://chenxiwang.wordpre...tack-not-cloud-computing/

Bruce Schneier (comment on cnn): a backdoor into Gmail (required by US Govt) may have been used:
http://www.cnn.com/2010/O...google.hacking/index.html

SKA
   
f0dder
« Reply #13 on: January 24, 2010, 10:33:36 PM »

> Bruce Schneier(comment on cnn) : a backdoor into Gmail(required by US Govt) may have been used:
> http://www.cnn.com/2010/O...google.hacking/index.html

Take that with a pinch of salt before panicking - even if a backdoor has been used. The way CNN states this makes it sound like there's a backdoor in gmail that's as easy to use as entering a special username+password, and that the hackers penetrated google with this...

It's probably more along the lines of machines being exploited through the aforementioned IE flaw (or other means), letting the hackers inside the corporate network - and from there on exploring said corporate network. And once in there, they'd be able to look at non-internet-facing servers - which might include gmail storage servers (I'd kinda expect those to be encrypted, but who knows).

It's pretty much all guesswork, anyway. And that CNN link... is that an essay directly written by Schneier, or is it a CNN butcher-piece of this? - the latter is a lot less sensationalist than the CNN piece, and doesn't support what is probably the most alarming paragraph of the CNN piece:

> In order to comply with government search warrants on user data, Google created a backdoor access system into Gmail accounts. This feature is what the Chinese hackers exploited to gain access.

Ehtyar
« Reply #14 on: January 24, 2010, 10:45:56 PM »

Well said F0d Man. Media sensationalism at its finest.

Seems the essay was directly from Schneier, though.

Ehtyar.

Stoic Joker
« Reply #15 on: January 25, 2010, 07:49:23 AM »

Looking at the links SKA posted, there seem to be conflicting accounts on the initial entry point (Chenxi Wang does however strike me as being a bit more pragmatic & believable). Not to mention that if the object is stealth it makes no sense to go through the trouble to hack the same network twice ... Especially if round 2 involves targeting something that by design is supposed to be monitored, logged, and scrutinized to the Nth power.

Most likely (to me) is to quietly slip into the VPN (because that's the (LEO's access level) gravy chute), and then use a few of the internal machines to create a tantalizing distraction of complexity. Sure G2G is tricky to get into if designed properly, but C2G (hehe) not so much. All you really need is someone with a badge & an iPhone to ask a ("support") question...and time.

Edvard
« Reply #16 on: January 27, 2010, 11:11:20 AM »

#9
BWAHAHAHAHA!!!11!!11

I'm posting that on my Facebook...

All children left unattended will be given a mocha and a puppy.