[Dailydave] More info on SSLMAGEDON

Dave Aitel dave at immunityinc.com
Mon Nov 17 10:59:50 EST 2014


Our friends at BeyondTrust have a page on the bug now:
http://blog.beyondtrust.com/triggering-ms14-066

One thing I think people are missing is that this bug works by default
on Windows 7 and above. You can force a client cert down Windows'
throat, which triggers the vulnerability regardless of configuration
settings. Of course, what you do next is the fun part. Immunity's
researchers are investigating many techniques, one of which is to attack
the crypto variables directly. This may allow a Heartbleed-or-worse
style exploitation without code execution at all.

Of course, this is still under testing, and our framework (in CANVAS
Early Updates) is being updated daily.

Thanks!
Dave Aitel
Immunity, Inc.

