
SoylentNews is people

posted by Fnord666 on Wednesday November 01 2017, @09:19PM
from the the-gift-that-keeps-on-giving dept.

Submitted via IRC for SoyCow1

Despite early reports that there was no use of National Security Agency-developed exploits in this week's crypto-ransomware outbreak, research released by Cisco Talos suggests that the ransomware worm known as "Bad Rabbit" did in fact use a stolen Equation Group exploit revealed by Shadowbrokers to spread across victims' networks. The attackers used EternalRomance, an exploit that bypasses security over Server Message Block (SMB) file-sharing connections, enabling remote execution of instructions on Windows clients and servers. The code closely follows an open source Python implementation of a Windows exploit that used EternalRomance (and another Equation Group tool, EternalSynergy), leveraging the same methods revealed in the Shadowbrokers code release. NotPetya also leveraged this exploit.

Source: https://arstechnica.com/information-technology/2017/10/bad-rabbit-used-nsa-eternalromance-exploit-to-spread-researchers-say/

  • (Score: 2) by Snotnose (1623) on Wednesday November 01 2017, @11:29PM (#590805) (1 child)

    But while I love Python, it isn't exactly a low level programming language like C/C++. If Python can break your security, your security is seriously broken.

    --
    Why shouldn't we judge a book by its cover? It's got the author, title, and a summary of what the book's about.
  • (Score: 5, Interesting) by Virindi (3484) on Wednesday November 01 2017, @11:55PM (#590807)

    Huh? Even high level languages tend to be capable of assembling buffers of arbitrary bytes (aka packets). We're not talking about complex manipulation of memory and opcodes here, this is a REMOTE exploit. As in, if you send the right packet (or packet sequence) to the target, it has an unintended effect.

    If the effect generated on the target is a stack overflow, the ROP/shellcode payload will not start by executing in Python. But you could still send it from a Python script on the attacking PC.