Tuesday, May 19, 2009

Automatic Updates

So you are a good user who does their software updates, right? Windows Automatic Updates is turned on and running. How about those third-party applications like Java, WinZip, iTunes or even Notepad++? You have those update automatically, right? What you are about to see will probably cause most of you to run over and shut those down now! It's quite scary. While the attack is relatively simple as far as technical aspects go, it seems to me that it can be a way into systems you would otherwise think were out of reach, precisely because of the diligence of some users in updating their applications.

Evilgrade

Here is a demonstration from John Strand:

John Strand's Evilgrade demo


It looks, works and feels like Metasploit. This just goes to show that we need to verify updates against the checksums on the software company's website, if they offer them. If not, we should be testing the updates in a lab first to see how they react. This even goes for those of us distributing these via something like SCCM or Shavlik. Keep your eyes peeled for these types of things! People get very sneaky when you have a resource they want.
