SoylentNews is people
SoylentNews
from the still-better-with-than-without dept.
Submitted via IRC for SoyCow1984
Antivirus programs, in many cases, make us safer on the Internet. Other times, they open us to attacks that otherwise wouldn't be possible. On Friday, a researcher documented an example of the latter—a vulnerability he found in about a dozen name-brand AV programs that allows attackers who already have a toehold on a targeted computer to gain complete system control.
AVGater, as the researcher is calling the vulnerability, works by relocating malware already put into an AV quarantine folder to a location of the attacker's choosing. Attackers can exploit it by first getting a vulnerable AV program to quarantine a piece of malicious code and then moving it into a sensitive directory such as C:\Windows or C:\Program Files, which normally would be off-limits to the attacker. Six of the affected AV programs have patched the vulnerability after it was privately reported. The remaining brands have yet to fix it, said Florian Bogner, a Vienna, Austria-based security researcher who gets paid to hack businesses so he can help them identify weaknesses in their networks.
Bogner said he developed a series of AVGater exploits during several assignments that called for him to penetrate deep inside customer networks. Using malicious phishing e-mails, he was able to infect employee PCs, but he still faced a significant challenge. Because company administrators set up the PCs to run with limited system privileges, Bogner's malware was unable to access the password database—known as the Security Account Manager—that stored credentials he needed to pivot onto the corporate network.
"With the help of AVGater, I gained local admin privileges," Bogner wrote in an e-mail. With full control over the employee computer his exploit provided, he had no trouble accessing the credential store, which is commonly known as a SAM database. "So AVGater was VERY useful during several of our pentests and red-teaming assignments."
(Score: 2) by TheRaven on Sunday November 19 2017, @08:57PM
They did, then Microsoft invested a couple of billion in static and dynamic analysis tools. They required all certified device drivers to run the static analysis tools, shipped all system DLLs with control-flow integrity enabled by default, added zero-address-space-reuse allocators for a lot of system services and moved others to being written in a managed language to avoid memory safety errors.
This is absolute nonsense. 'UNIX security' was a joke until the mid '90s.
The traditional UNIX security model gives every file a simple 9-bit bitmask of permissions for everyone, owner, and group. In contrast, Windows NT has had access control lists for every single kernel object since its creation. These can specify a range around a dozen permissions for each user in the system independently. Modern *NIX systems add these, but I've rarely seen them used in real deployments.
The Linux kernel alone has had well over a hundred CVEs this year, including several that allow remote arbitrary code execution. A lot of open source server packages have also had vulnerabilities, even without going to the security nightmare that is PHP. If you think running *NIX makes you safe, you really shouldn't be running a server attached to the Internet.
sudo mod me up