This morning I've found an scaring surprise on my Firefox Quantum. Casually it was connected to a proxy when an unexpected connection came up, the browser was connecting to an unknown remote site via HTTP and downloading a ZIP that contains an ELF shared library, without any type of signature on it.
This means two things
1) the owner of that site might spread malware infecting many many people.
2) the ISP also might do that.
Ubuntu Version:
Firefox Quantum version:
The URL: hxxp://ciscobinary.openh264.org/openh264-linux64-0410d336bb748149a4f560eb6108090f078254b1.zip
The zip contains these two files:
3f201a8984d6d765bc81966842294611 libgmpopenh264.so
44aef3cd6b755fa5f6968725b67fd3b8 gmpopenh264.info
The info file:
Name: gmpopenh264
Description: GMP Plugin for OpenH264.
Version: 1.6.0
APIs: encode-video[h264], decode-video[h264]
So there is a remote codec loading system that is unsigned and unencrypted, I think is good to be aware of it.
In this case the shared library is a video decoder, but it would be a vector to distribute malware o spyware massively, or an attack vector for a MITM attacker.
Related news
- Hacking Forums
- Pentest Tools For Windows
- Pentest Azure
- Pentest Smtp
- Pentest Dns
- Pentest With Kali
- Hacker Typer
- Pentest Red Team
- Hacker Lab
- Hacking Tutorials
- Hacker Tools
- Hacking With Raspberry Pi
- Pentest Windows
- Pentest Iso
- Hacking Simulator
Digg/username
Flickr/username
Myspace/username
Facebook/Your Name
Friendster/Your Name
Virb/username
Linkedin/Public Profile Name
Twitter/username
YouTube/username
Last.fm/username
Del.icio.us/username
Wikipedia/username
Wishlist/Your Name
GMail/Your Name
coComment/username
iJigg/username
PureVolume/username
Upcoming/Your Name
Kongregate/username
Zaadz/username
Technorati/username
MyBlogLog/username
Blog/Your Name
Subscribe by email. Enter your email address below: 
0 comments:
Post a Comment