Overclock.net › Forums › Industry News › Software News › [MaxPC] Zero-day to Breach Chrome
[MaxPC] Zero-day to Breach Chrome - Page 3

post #21 of 36
Quote:
Originally Posted by wamubu View Post
If it is truly a browser vulnerability, it's one thing to do it in Windows, but what about Linux or ChromeOS?
From what I've dabbled in with exploits, I'm pretty sure the vulnerability could easily exist between different OSes; the payload would just have to be changed to accommodate the different environments.
post #22 of 36
Quote:
Originally Posted by .:hybrid:. View Post
I'm fairly sure so far there isn't a hack for VMware/VirtualBox etc. I would like a source for what you just said...
I know viruses do detect if they are in a virtual environment and then just disable themselves so that they won't get picked up by an AV, hoping to trick the user into thinking it's safe and manually bringing it onto their real PC.
Seconded - I don't see how a virus could move itself from a VM guest to the host system (especially if they're different operating systems).
post #23 of 36
It's taken quite a while; Chrome has solid security. My guess is Google is going to pay the reward that they offered to the first hacker that found a hole?

Nevermind, it was only for the Pwn2Own contest.

Quote:
"On day 1, Google will offer $20,000 USD and the CR-48 if a contestant can pop the browser and escape the sandbox using vulnerabilities purely present in Google-written code," the PWN2OWN contest rules state. "If competitors are unsuccessful, on day 2 and 3 the ZDI will offer $10,000 USD for a sandbox escape in non-Google code and Google will offer $10,000 USD for the Chrome bug. Either way, plugins other than the built-in PDF support are out of scope."
post #24 of 36
Quote:
The company announced its success in a blog post on Monday. In keeping with the company's stated policy, the technical details of the vulnerability are only available to its government customers.
Well isn't that lovely.
post #25 of 36
Quote:
Originally Posted by timAHH View Post
Well isn't that lovely.
Oh, so you want them to announce all the details publicly so that anyone on an easily hackable version of Chrome can be at risk?

That reminds me of how news stations release every bit of detail about a case in the search for a criminal. Cool, let them know that we're onto them and give them the perfect information they need to get away.
post #26 of 36
Thread Starter 
Quote:
Originally Posted by .:hybrid:. View Post
I'm fairly sure so far there isn't a hack for VMware/VirtualBox etc. I would like a source for what you just said...
I know viruses do detect if they are in a virtual environment and then just disable themselves so that they won't get picked up by an AV, hoping to trick the user into thinking it's safe and manually bringing it onto their real PC.
Quote:
Originally Posted by chemicalfan View Post
Seconded - I don't see how a virus could move itself from a VM guest to the host system (especially if they're different operating systems).
Sandboxes are still software constructs running within a host system. The sandbox still communicates with the host, and there are absolutely ways to break out.
Once again...
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7 920 [4.28GHz, HT] Asus P6T + Broadcom NetXtreme II VisionTek HD5850 [900/1200] + Galaxy GT240 2x4GB G.Skill Ripjaw X [1632 MHz] 
Hard DriveOSMonitorKeyboard
Intel X25-M 160GB + 3xRAID0 500GB 7200.12 Window 7 Pro 64 Acer H243H + Samsung 226BW XARMOR-U9BL  
PowerCaseMouseMouse Pad
Antec Truepower New 750W Li Lian PC-V2100 [10x120mm fans] Logitech G9 X-Trac Pro 
  hide details  
Reply
Once again...
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7 920 [4.28GHz, HT] Asus P6T + Broadcom NetXtreme II VisionTek HD5850 [900/1200] + Galaxy GT240 2x4GB G.Skill Ripjaw X [1632 MHz] 
Hard DriveOSMonitorKeyboard
Intel X25-M 160GB + 3xRAID0 500GB 7200.12 Window 7 Pro 64 Acer H243H + Samsung 226BW XARMOR-U9BL  
PowerCaseMouseMouse Pad
Antec Truepower New 750W Li Lian PC-V2100 [10x120mm fans] Logitech G9 X-Trac Pro 
  hide details  
Reply
post #27 of 36
Quote:
Originally Posted by DuckieHo View Post
Sandboxes are still software constructs running within a host system. The sandbox still communicates with the host, and there are absolutely ways to break out.
Ofc anything is possible, but has it been done? I can see a program like Sandboxie being hacked more easily than a full-blown VM.
post #28 of 36
Quote:
Originally Posted by .:hybrid:. View Post
Ofc anything is possible, but has it been done? I can see a program like Sandboxie being hacked more easily than a full-blown VM.
It can & has. It happened to me last year running Sandboxie actually in a VM. Rootkitted by a rather nasty one that I found with Gmer, but couldn't eliminate. Nothing else detected it, and I'm a security fiend. I keep HiJackThis, TDSSKiller, RKill, Gmer, SAS, Malwarebytes, ClamWin, ProcessExplorer, Spybot, and many others on hand in case of emergency. Ofc, new rootkits/viruses/spyware & such can't be detected, unless the payload has been sent to the security programmers for them to inspect.

Before you ask, no, I wasn't dl'ing anything. A drive by with JS, I suspect.

Oh, you could find the file, change/disable all the reg entries, secure delete it, and it would just clone itself to a different file location & rename itself before it would allow the deletion. Insidious little b*****d drove me crazy.

Fortunately, I keep an Acronis disk image of my OS drive for just such problems. After a few hours of playing around with it, I just did a destructive re-flash on my ssd's firmware, formatted, and reinstalled from the disk image. Added that site to Peerblock's list, and went on my merry way.
Edited by Lucky 13 SpeedShop - 5/10/11 at 10:51am
post #29 of 36
cool.
post #30 of 36
Quote:
Originally Posted by .:hybrid:. View Post
Ofc anything is possible, but has it been done? I can see a program like Sandboxie being hacked more easily than a full-blown VM.
It's usually done by having shared folders enabled or through networking; both of which are enabled by default in VMWare for example. Or having direct access to the hard drive.

Viruses breaking out due to a 0-day exploit are extremely rare but I have heard of them in a couple blackhat sites. The exact names of those specific viruses, I can't remember.

You might be interested in:
Quote:
http://www.infoworld.com/d/security-...esentation-333
Since I wrote my column on Virtual Machine (VM) security vulnerabilities (click here), I've received many emails asking how I can break out of VMWare, Xen, or any of the other VM technologies?

Essentially, the majority of VMs "hook" interrupts and APIs on the host operating system. It's the way they work. Malware can walk the interrupt vector table or VM interface subroutines, find the VM hooks, and insert itself one call above or replace a sub-routine. So far, I haven't found the VM that protects against this, although various host OSs are doing more and more to prevent interrupt vector table manipulation on their own.

If you are an assembly language programmer (like I am), it is fairly easy to write a short demonstration program. I have written two, but I'm under NDA with the vendor that paid me to do the work. But what I did wasn't rocket science, and with just a little digging, you too can find the weaknesses (if you're a threat modeler).
Quote:
http://searchcloudsecurity.techtarge...urst-VM-escape
Cloudburst virtual machine escape is an exploit method that enables a guest-level virtual machine (VM) to attack its host. The method takes advantage of a flaw in VMware Workstation working in conjunction with Cloudburst, IBM's cloud service provisioning software for cloud providers.

In a virtual machine escape, an attacker runs code on a VM that allows an operating system running within it to break out and interact directly with the hypervisor. A VM escape gives the attacker access to the host operating system and all other virtual machines running on that host.

Kostya Kortchinsky of research firm Immunity Inc. developed the Cloudburst VM escape method.

Cloudburst and similar exploits take advantage of security vulnerabilities like heap or stack-based memory buffer overflows, direct memory access weaknesses, and insufficient process isolation to gain unauthorized access to system resources and other processes.
To block these attacks and ensure secure domain separation, hardware security components such as Intel TXT and VT-d, which protect memory and execution space and isolate input/output devices, can be used, along with Red Hat Enterprise Linux with strict SELinux security policies as the host OS.

Quote:
http://www.infoworld.com/d/security-...l-security-725
In my "Where Windows Malware Hides" document, I specify more than 130 file and registry locations where malware can hide to spread in Windows. Most sandbox protection products only protect against a dozen or so file and registry locations.

All OS virtual machine products, which might be able to protect all vulnerable locations, can be detected by the bad guys and be circumvented. There are a few products that perform the virtualization outside the host; although these offer additional protection, even they can be detected -- and have their own additional problems, to boot.

2. Most virtual protection products don’t respond well to encoded attacks. Encoding is a popular malicious method for bypassing the initial inbound checks of a security product. Hackers and malware writers often encode malicious HTML commands into hexadecimal, double-byte, dotted decimal notation, or Unicode, instead of the ASCII text we, and protection products, expect. In many cases, the end result is that slight modifications to malicious commands are not detected or prevented.

Edited by PoopaScoopa - 5/10/11 at 11:38am
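As an added defender-side example (not from this thread or from any poster in it), the audit below parses a VMware .vmx file and flags the guest-to-host channels post #30 names: shared folders, bridged networking, and the clipboard/drag-and-drop tools channels. The isolation.tools.*, sharedFolder* and ethernet* key names follow VMware's published hardening guidance and are assumptions to verify against your VMware version; the sample .vmx is constructed.

```python
"""Audit a VMware .vmx file for open guest-to-host channels.
Added example; the isolation.tools.* key names follow VMware's published
hardening guidance and are an assumption to verify for your version."""
import re

# (vmx key, value that closes the channel, what the channel is)
HARDENING_KEYS = [
    ("isolation.tools.hgfs.disable", "TRUE", "shared folders (HGFS)"),
    ("isolation.tools.copy.disable", "TRUE", "guest-to-host clipboard copy"),
    ("isolation.tools.paste.disable", "TRUE", "host-to-guest clipboard paste"),
    ("isolation.tools.dnd.disable", "TRUE", "drag and drop"),
]
_LINE = re.compile(r'^\s*([\w.:]+)\s*=\s*"?([^"]*)"?\s*$')

def parse_vmx(text):
    """Parse key = "value" lines into a dict (keys lower-cased; VMware ignores case)."""
    cfg = {}
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            cfg[m.group(1).lower()] = m.group(2).strip()
    return cfg

def audit_vmx(text):
    """Return a list of findings; an empty list means no open channel was found."""
    cfg = parse_vmx(text)
    findings = []
    for key, want, what in HARDENING_KEYS:
        got = cfg.get(key.lower())
        if got is None:
            findings.append(f"{key} not set: {what} left at VMware default (enabled)")
        elif got.upper() != want:
            findings.append(f"{key} = {got}: {what} explicitly enabled")
    for key, val in cfg.items():
        # A host directory mapped into the guest, independent of the HGFS switch
        if re.fullmatch(r"sharedfolder\d+\.present", key) and val.upper() == "TRUE":
            findings.append(f"{key} = TRUE: a host directory is mapped into the guest")
        # Bridged networking puts the guest on the same LAN segment as the host
        if re.fullmatch(r"ethernet\d+\.connectiontype", key) and val.lower() == "bridged":
            findings.append(f"{key} = bridged: guest shares the host's network segment")
    return findings

# Constructed sample: a default-looking .vmx with a shared folder and a bridged NIC
SAMPLE_VMX = '''\
ethernet0.present = "TRUE"
ethernet0.connectionType = "bridged"
sharedFolder0.present = "TRUE"
sharedFolder0.hostPath = "C:\\Users\\me\\Downloads"
isolation.tools.copy.disable = "FALSE"
'''

if __name__ == "__main__":
    for finding in audit_vmx(SAMPLE_VMX):
        print("-", finding)
```

Run it against a real .vmx with the VM powered off; a clean result only means these particular channels are closed, not that the hypervisor itself is free of the memory-safety bugs the quoted articles describe.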