23.02.2015, 08:13
F4z napisał(a):To ja zgłoszę problem, VoodooShield nie poradził sobie z exploitem.Wydaje mi się, że to problem zgłoszony przez Miquella od nas, o czym świadczy komentarz, pod obszernym postem w którym Dan pisze na ten sam temat...ale F4z pisze o tym bezpośrednio...sam nie wiem...jeśli się jednak mylę, to przepraszam i proszę o sprostowanie...nie chce nikomu odbierać splendoru bycia odkrywcą
Cytat:I am going to post a link to some really, really, really bad viruses, malware and exploits.
PLEASE ONLY TRY ON TEST SYSTEMS OR VM''s
[Aby zobaczyć linki, zarejestruj się tutaj]
The reason I am posting this is because some dude supposedly found a way to bypass VS, although I have tried it several times and could not get it to work. Here is the one that he says can bypass VS... once again, PLEASE ONLY TRY ON TEST SYSTEMS OR VM''s... this will really mess up your computer.
[Aby zobaczyć linki, zarejestruj się tutaj]
I tried to make the above links not clickable, but for some reason I cannot, so please be very careful! But please try some if you get a chance, I would like to see how VS does.
The good news is, if it really did bypass VS, then it is a simple fix that was suggested by the guy who supposedly bypassed VS. Basically, when VS is installed, it also installs the C++ 2010 runtime. There are 2 versions of the runtime, one for 32 bit and one for 64 bit. Since VS seemed to work well with just installing the 64 bit runtime, I left out the 32 bit runtime for windows 64 bit systems... there is no reason to install extra stuff we do not need. And besides, the C++ runtimes seem to conflict with each other (on occasion), if for example, a different software was using an old C++ runtime. So I am going to do some more testing, and if we do need the 32 bit C++ runtime for 64 bit systems, then I will include it in the next release if we need to. I have talked to the guy, and he seems like a good guy with good intentions, and I definitely appreciate his help. Because if VS does have a security hole, we need to fix it .
Here is the video of him bypassing VS... although I do not see an executable start, and if you watch his other "VS" (versus) videos, you will notice that the exploit does not get as far in the VoodooShield video. Although, he is saying that might be because it is an old exploit. But to me that does not make sense because why would they take down the html, but not the exploit / payload.
[Aby zobaczyć linki, zarejestruj się tutaj]
If you do want to install the 32bit C++ runtime just to be extra safe while I figure out if we really need it or not, here it is:
[Aby zobaczyć linki, zarejestruj się tutaj]
Thank you Miquell for letting me know about this! It is kinda funny how we were just talking about exploits . Now we can test and see! But seriously, please only try these on a test computer or VM, and either way, please be extra careful! Thank you!
[Aby zobaczyć linki, zarejestruj się tutaj]
"Bezpieczeństwo jest podróżą, a nie celem samym w sobie - to nie jest problem, który można rozwiązać raz na zawsze"
"Zaufanie nie stanowi kontroli, a nadzieja nie jest strategią"
"Zaufanie nie stanowi kontroli, a nadzieja nie jest strategią"