[Dailydave] Gifts

[Dave Aitel]

    Angel <http://en.wikipedia.org/wiki/Angel_%28Buffyverse%29>: And
    Buffy, be careful with this gift. A lot of things that seem strong
    and good and powerful, they can be painful.
    Buffy <http://en.wikipedia.org/wiki/Buffy_Summers>: Like, say...
    immortality?
    Angel: Exactly. I'm dying to get rid of that.

We put the 32 bit (or we will shortly) version of the PTRACE exploit
into CANVAS Early Updates. I know there are not a lot of 32-bit machines
around who need to be owned, but you never know. We also updated the 64
bit version, so if you already downloaded that, you'll want to update.


























    Also, we released a new CANVAS, and the best new exploit in it is
    the new Adobe Flash Regex exploit.

I know there's some sort of malware
<http://malwaremustdie.blogspot.ca/2013/02/cve-2013-0634-this-ladyboyle-is-not.html>that
uses this vulnerability but one of the advantages of using CANVAS is
that you get a working version of this exploit that AV's can't catch
(it's hard to build generic detection for this sort of thing). We've
done a ton of QA on it as well, and it does magic info-leaks and various
other tricks to do things properly. I know the team went back and forth
with a few strategies during the process of building it. It's fun to
watch - one of the small pleasures of the job.

















    '-dave











-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.immunityinc.com/pipermail/dailydave/attachments/20130321/a0f47d56/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 196 bytes
Desc: OpenPGP digital signature
URL: <https://lists.immunityinc.com/pipermail/dailydave/attachments/20130321/a0f47d56/attachment.sig>