Pcmca is software that will attempt to automatically write an exploit for memory corruption bugs in software. Can greatly save time in reverse engineering.
The code is available at:
https://github.com/toucan-system/pmcma
while the main site is simply http://www.pmcma.org
It was presented at the blackhat conference in Vegas this year. Here are the slides and whitepaper!
http://www.pmcma.org/wp-content/uploads/2011/09/bhus_2011_brossard.pdf
http://www.pmcma.org/wp-content/uploads/2011/09/BHUS-2011_Brossard.pdf
+++
Okay, I am sure everyone has heard of the recent DigiNotar "Debacle" but if not here is a good link to tell you what is up.
https://blog.torproject.org/blog/diginotar-debacle-and-what-you-should-do-about-it
This next link is the raw spreadsheet data of the compromised certs!
https://svn.torproject.org/svn/projects/misc/diginotar/rogue-certs-2011-09-04.csv
and here is the tor projects latest blog post:
This is the list of CA roots that should probably never be trusted again:
DigiNotar Cyber CA
DigiNotar Extended Validation CA
DigiNotar Public CA 2025
DigiNotar Public CA - G2
Koninklijke Notariele Beroepsorganisatie CA
Stichting TTP Infos CA
The most egregious certs issued were for *.*.com and *.*.org while certificates for Windows Update and certificates for other hosts are of limited harm by comparison. The attackers also issued certificates in the names of other certificate authorities such as "VeriSign Root CA" and "Thawte Root CA" as we witnessed with ComodoGate, although we cannot determine whether they succeeded in creating any intermediate CA certs. That's really saying something about the amount of damage a single compromised CA might inflict with poor security practices and regular internet luck.
Of particular note is this certificate:
CN=*.RamzShekaneBozorg.com,SN=PK000229200006593,OU=Sare Toro Ham Mishkanam,L=Tehran,O=Hameye Ramzaro Mishkanam,C=IR
The text here appears to be be an entry like any other but it is infact a calling card from a Farsi speaker. RamzShekaneBozorg.com is not a valid domain as of this writing.
Thanks to an anonymous Farsi speaker, I now understand that the above certificate is actually a comment to anyone who bothers to read between the lines:
"RamzShekaneBozorg" is "great cracker"
"Hameyeh Ramzaro Mishkanam" translates to "I will crack all encryption"
"Sare Toro Ham Mishkanam" translates to "i hate/break your head"
Sunday, September 4, 2011
Subscribe to:
Post Comments (Atom)
I was down in the dumps after my Encounter with this company. I should have known better but their attractive offers made me ignore the red flags.
ReplyDeleteThey took a lot from me and i kept falling for their tricks. Some tech expert from
paytondyian699@gmail.com
pulled a successful chargeback and i recovered my losses back