Tech News Weekly: Edition 3-10
f0dder:
This was like taking candy from a baby. -Ehtyar (January 24, 2010, 08:43 PM)
--- End quote ---
Not exactly - finding an exploit like that requires a fairly decent understanding of not only Windows internals, but also above-average knowledge of CPU detail (and that's above-average for assembly programmers, mind you). There are automated tools that can find "areas of interest" for a number of exploit types, which can then be further analyzed by a security researcher (or malware writer) - this NTVDM exploit is something extraordinaire.
And while it might not be in the wild yet, you can be pretty sure it's already added to the blackhat toolset, and will be added to drive-by rootkits any time now - with good reason. It's even worse than the Linux kernel 2.4->2.6 privilege escalation exploit (which was bad enough - iirc that was around 8 years of kernel revisions, and multiple architectures).
Privilege escalation might not be as sexy as remote holes, but it's a dangerous addition once a hole is found... and when you get not only admin but can go kernel-mode "silently", and it can target such a large installation base - ouch!
Ehtyar:
And when it's successfully exploited on such a grand scale, I'll be impressed. Until then, it's stationary target practice.
Ehtyar.
SKA:
Possibly OT, but Google says attack came in thru its corporate VPN:
http://chenxiwang.wordpress.com/2010/01/21/why-google-and-microsoft-were-at-fault-for-the-attack-not-cloud-computing/
Bruce Schneier (comment on CNN): a backdoor into Gmail (required by US Govt) may have been used:
http://www.cnn.com/2010/OPINION/01/23/schneier.google.hacking/index.html
SKA
f0dder:
Bruce Schneier (comment on CNN): a backdoor into Gmail (required by US Govt) may have been used:
http://www.cnn.com/2010/OPINION/01/23/schneier.google.hacking/index.html
-SKA (January 24, 2010, 10:20 PM)
--- End quote ---
Take that with a pinch of salt before panicking - even if a backdoor has been used. The way CNN states this makes it sound like there's a backdoor in gmail that's as easy to use as entering a special username+password, and that the hackers penetrated google with this...
It's probably more along the lines of machines being exploited through the aforementioned IE flaw (or other means), letting the hackers inside the corporate network - and from there on exploring said corporate network. And once in there, they'd be able to look at non-internet-facing servers - which might include gmail storage servers (I'd kinda expect those to be encrypted, but who knows).
It's pretty much all guesswork, anyway. And that CNN link... is that an essay directly written by Schneier, or is it a CNN butcher-piece of this? - the latter is a lot less sensationalist than the CNN piece, and doesn't support what is probably the most alarming paragraph of the CNN piece:
In order to comply with government search warrants on user data, Google created a backdoor access system into Gmail accounts. This feature is what the Chinese hackers exploited to gain access.
--- End quote ---
Ehtyar:
Well said F0d Man. Media sensationalism at its finest.
Seems the essay was directly from Schneier, though.
Ehtyar.