Monday, July 28, 2008

You have a new update available...

On the tail of the huge DNS flaw, Argentinian group InfoByte Security Research have released a shocking new tool to exploit insecure application updates using man in the middle attack including Kaminsky's DNS poisoning.

Essentially "Evilgrade" is both an attack toolkit and mock update server framework to redirect application's update services to the host running Evilgrade. If successful full system compromise is capable giving the attacker a passive way to amass a botnet.

Evilgrade has support for exploiting the following popular program's update services:
Java, Winzip, Winamp, Mac OS X, OpenOffice, iTunes, Linkedin Toolbar

So what is the upside to such a scary tool? It will likely force developers to create new a new secure process for pushing updates, probably moving to some sort of PKI architecture.

No comments: