LookingGlass Vendor of the week: Trillian

It has been a few weeks since I did a Vendor of the week post and I think its a great way to start off the week. Trillian has some bugs that you can read about here. Remember without protection like ASLR and NX vulns are easier to exploit.

The LookingGlass run of it:

Update on Apple and QuickTime

I just read at the Infosec Blog that a new version of QuickTime has been released that contain fixes that should make QuickTime harder to exploit on Vista. I say should because although it is a good start Apple did not completely close the loop. The reason ASLR is important to thwarting hackers is that the memory space of an application is randomized, or as the king would say, they are all shook up. Since most buffer overflows rely on knowing where a piece of code or data is in memory, the randomization can turn a remotely exploitable bug into nothing more than a Denial-of-Service. Although targeted attacks against individuals may still be possible, widespread QuickTime exploits will be much harder to write.

Not to signal doom and gloom but there is a problem or two. The main problem with implementing ASLR is that is really is all or nothing venture. If you have even one static shared library you open yourself to compromise. Below are screenshots of the new QuickTime from a filesystem and a process point of view using LookingGlass. Although most of the files are now marked as ASLR enabled there are still a few binaries that are not and could still provide an attacker a static location to utilize.

Don’t let these few oversights detract you from the huge stride forward Apple is making Vista users safer. It is good to see Apple embracing these security enhancements and I encourage other vendors, like Adobe, to follow their lead. I also hope that Apple extends these improvements to the other products offered to Windows users.

QuickTime File system scan withLookingGlass.

QuickTime Process scan with LookingGlass.

LookingGlass Vendor of the week:ATT

I have a Dell XPS 1330 with a built-in HSPDA card. Becasue of this I get some software branded ATT and its next up in my Program File directory. Bad ATT, no donut. This scan was done with LookingGlass 1.1 and the Microsoft SDL policy.
The stats say it all:

The LookingGlass Vendor of the Week: Adobe

With the CanSecWest PWN2OWN contest pending the vendor for this week is particularly important. Adobe is fair game in PWN2OWN and this week it gets the scrutiny of the LookingGlass scanner. The first screenshot is from a filesystem scan, the second is the process scan of the Adobe reader, the 3rd is of a Flash helper application that I was unaware was running and I still don’t really know what it does. Since Flash is owned by Adobe now I decided to include it. As you can see there is an abundance of dangerous features and spotty support for ASLR and NX.
Up next week is AT&T.

The lookingGlass vendor of the week.

Now that a beta version of LookingGlass has been released, I will do a write up once a week on a vendor and how they fare under the scrunity. First up is Apple. The reason Apple gets the initial treatment is that Apple’s Quicktime inspired the creation of this tool. The two Apple applications I have installed are Quicktime and iTunes. Both have modules that do not support ASLR and NX. This can give an attacker a static location to make a remote overflow work, which allowed the two previous RTSP attacks to be exploitable. I doubt you will see a change anytime soon since I doubt Apple would want to have a more secure version of their software running on Vista than they would on OSX.

Next week: Adobe