In association with heise online

07 December 2012, 16:22

Lost+Found: Cyber weapons manufacturers, ASLR, PowerShell and the Dalai Lama


Too short for news, too good to lose; Lost+Found is a roundup of useful and interesting security news. In this edition: General Dynamics is looking for exploit authors, picky malware, Microsoft improves ASLR in Windows 8, hooking the CryptProtectData() function, Mac malware targeted at the Dalai Lama, and a support backdoor becomes a real problem.

  • If nobody buys submarines, tanks and war planes any more, new ways of making money have to be found: General Dynamics is looking for security experts with experience in the field of exploit development – among others, targeting platforms such as Linux, Android, BlackBerry and iOS.
  • The Shylock malware is quite picky: it only executes itself on systems with at least 12GB of hard drive space, 256MB of RAM and a running smart card service. It does these checks not because it needs a lot of system resources to run, but to weed out virtual machines – which are often used in virus test labs – from real systems. This way, Shylock tries to evade analysis.
  • Microsoft has further improved memory scrambling (Address Space Layout Randomisation, ASLR) in Windows 8. How exactly this works is explained by the two security specialists Artem Shishkin and Ilya Smith.
  • Developer Adam Driscoll shows how to hook the CryptProtectData() function of the Data Protection API in Windows. The data, which should actually be protected, gets dumped in clear text to a file.
  • F-Secure has discovered new Mac malware called "Dockster" which is apparently targeted at followers of the Dalai Lama. The systems are infected via a vulnerability in older Java versions.
  • In a Technical Advisory dealing with the case of a default password found in the Symantec Messaging Gateway in August, Ben Williams points to the Linux kernel Symantec is using: it was released in 2007 and contains a number of privilege escalation holes. This elevates a support backdoor to a remote code execution exploit.
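The Shylock item above is useful from the analyst's side: if a sandbox is provisioned below the thresholds the malware checks, the sample simply never runs and the lab sees nothing. The following script is an added example, not code from the roundup or from any of the linked reports. It audits the machine it runs on against the three checks quoted above (12GB of disk, 256MB of RAM, a running smart card service) and reports which of them a Shylock-style probe would trip on. The service names (SCardSvr on Windows, pcscd elsewhere) and the root path used for the disk measurement are assumptions chosen for the example.

```python
"""Sandbox self-check against the VM-detection thresholds quoted for Shylock.

Added example: run this inside an analysis VM to see whether a sample using the
same checks would refuse to execute there. Thresholds are the ones quoted in the
roundup; service names and the measured paths are assumptions of this example.
"""
import os
import shutil
import subprocess
import sys

MIN_DISK_GB = 12      # quoted threshold: at least 12 GB of hard drive space
MIN_RAM_MB = 256      # quoted threshold: at least 256 MB of RAM
WIN_SMARTCARD_SERVICE = "SCardSvr"   # assumption: Windows Smart Card service
POSIX_SMARTCARD_DAEMON = "pcscd"     # assumption: PC/SC daemon on Linux/macOS


def evaluate(disk_gb, ram_mb, smartcard_running):
    """Return the list of checks a Shylock-style probe would fail.

    An empty list means the environment looks like a real machine to the
    probe and the sample would go on to execute.
    """
    failed = []
    if disk_gb < MIN_DISK_GB:
        failed.append(f"disk {disk_gb:.1f} GB is below {MIN_DISK_GB} GB")
    if ram_mb < MIN_RAM_MB:
        failed.append(f"RAM {ram_mb:.0f} MB is below {MIN_RAM_MB} MB")
    if not smartcard_running:
        failed.append("smart card service is not running")
    return failed


def total_disk_gb():
    """Total size of the system volume in GB (SystemDrive on Windows, / elsewhere)."""
    root = os.environ.get("SystemDrive", "") + os.sep
    return shutil.disk_usage(root).total / 1024 ** 3


def total_ram_mb():
    """Physical RAM in MB, via GlobalMemoryStatusEx on Windows and sysconf on POSIX."""
    if sys.platform.startswith("win"):
        import ctypes

        class MEMORYSTATUSEX(ctypes.Structure):
            _fields_ = [
                ("dwLength", ctypes.c_ulong), ("dwMemoryLoad", ctypes.c_ulong),
                ("ullTotalPhys", ctypes.c_ulonglong), ("ullAvailPhys", ctypes.c_ulonglong),
                ("ullTotalPageFile", ctypes.c_ulonglong), ("ullAvailPageFile", ctypes.c_ulonglong),
                ("ullTotalVirtual", ctypes.c_ulonglong), ("ullAvailVirtual", ctypes.c_ulonglong),
                ("ullAvailExtendedVirtual", ctypes.c_ulonglong),
            ]

        stat = MEMORYSTATUSEX()
        stat.dwLength = ctypes.sizeof(stat)
        ctypes.windll.kernel32.GlobalMemoryStatusEx(ctypes.byref(stat))
        return stat.ullTotalPhys / 1024 ** 2
    return os.sysconf("SC_PAGE_SIZE") * os.sysconf("SC_PHYS_PAGES") / 1024 ** 2


def smartcard_service_running():
    """True if the smart card service/daemon is up (best effort, per platform)."""
    try:
        if sys.platform.startswith("win"):
            out = subprocess.run(["sc", "query", WIN_SMARTCARD_SERVICE],
                                 capture_output=True, text=True, timeout=10)
            return "RUNNING" in out.stdout
        rc = subprocess.run(["pgrep", "-x", POSIX_SMARTCARD_DAEMON],
                            capture_output=True, timeout=10).returncode
        return rc == 0
    except (OSError, subprocess.SubprocessError):
        return False


if __name__ == "__main__":
    problems = evaluate(total_disk_gb(), total_ram_mb(), smartcard_service_running())
    if problems:
        print("This sandbox would be skipped by a Shylock-style probe:")
        for p in problems:
            print("  -", p)
    else:
        print("All quoted checks pass; the sample would run here.")
```

The decision logic is kept in evaluate() so it can be unit-tested with constructed values, independent of the machine the script happens to run on; the collectors are the only platform-specific part, and on a hardened lab image you would typically fix any reported gap by resizing the virtual disk and memory and enabling the smart card service rather than by patching the sample.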
