Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: dave (daveimmunityinc.com)
Date: Thu Sep 30 2010 - 13:41:10 CDT
Replication is a strange thing - people look at it and always think "Self
Replication", but there's many kinds of replication across a network - all of them
1. self-propagation (i.e. cloning. you are me.)
2. partial cloning (you are a piece of me. A.k.a.: You don't need my whole brain to
accomplish your goals)
3. ghosting (You are deliberately brain damaged and useless and everywhere in order
to confuse my opponent)
4. migration (I'm going over there, and removing myself from here - perhaps it got
too hot on the box I'm on)
Being able to recognize your own ghosts and clones properly is a cryptographic task
worth investing in. I'm sure it's fun for the right kind of masochist.
Stuxnet only does self-propagation, to my knowledge (although I'm excited to see what
the AV companies and Microsoft say today at vb2010 - I'm guessing they will say that
no one has "publicly" released the 0day, which is true for some values of "publicly").
In any case, Immunity has released both of the 0day used in Stuxnet to CANVAS Early
Updates (which I consider to be "public", even if it's commercial. McDonalds is
public, even though you have to exchange money for your burger.). (You can brute
force your CANVAS Early Updates password here:
They're both great bugs! Kudos to our Israeli friends, or as they say in Tel Aviv
"חרא. אנחנו נתפס."
As of today, the oracle padding exploit for .NetNuke is in CEU as well. We didn't
beat out the Microsoft patch on that one, but we probably beat out most people's
application of the Microsoft patch...especially considering none of the workarounds
The reality is that people focus on .NetNuke, but as an attacker I'm happy to collect
everyone's IIS server's web.config, and then come back to the problem of attacking
that box's application later. So if you're not running .NetNuke, you're still in a
world of hurt unless you installed the patch.
Dailydave mailing list