HACKERBOT

shotting.cc

DEFCON-1

HOME

WELCOME TO SHOTTING.CC

Exploiting Intel A9

Intel's latest architecture might have fixed Spectre and Meltdown - but has the patch secured the chip, and RAM from exploitation?

For proof of concept of existing RAM exploits - take the C function MALLOC_()

MALLOC() can reserve memory (RAM) for later access without wiping the RAM before the user accesses memory.

Then we have the OS (Operating System) Read/Write functions that also can be exploited to gain access to RAM/memory.

Has the latest series of Microsoft/Linux/Macintosh Patches fixed these security holes?

Furthermore - one must now consider 'software' to be insecure by default. Exploit-Patches (Ex-PAtS) can be administered to software to modify the software (Opera for example) to extract all Read / Write operations at the OS Level to be output to file. Namely the read operations are of most interest where passwords are being read from decrypted RAM areas into password boxes.

If all software without hashing algorithms to detect minor changes to the software's code is vulnerable then what exactly can BE trusted?

Only major software labels can afford the expense of including hashing algorithms into their code - leaving most the software market exploitable by patches. Even hashing algorithms can be exploited by modifying the software's stored hash so comparison matches the Ex-pAtS software.

If software is malleable and modifiable then is any system secure? The simple answer is no.

Remember downloading cracks for Photoshop and one crack did nothing so you went on to try another? That crack is now on your system and steals your data. Even money from your bank. That is called a payload.

You cannot trust download.com - my own software I was building as a developer got exploited by modern trojans (Dangerous software!) that passed all download.coms checks and spread the virus to 10,000 users.

Perhaps laptops should be closed in systems like mobiles with stores. But even stores cannot check everything that is submitted.

The main problem is software needs functionality, the same functionality, of say a trojan horse. It might need internet communications ability to talk to its own servers - and this is the problem even A.I. cannot detect.

Valid CSS!