I play with vulnerabilities and exploits. @wdormann@infosec.exchange

Joined August 2012
Will Dormann retweeted
It may seem fair that Android "can't fix" this bug as it's in 3rd party code, but even after Arm released a public patch, it took 3 months for Android to apply the patch. Sadly, this is not a one off, as the list goes on: github.blog/2023-01-23-pwnin… IMO this is worse than having 0day
I just was told that choosing installation options that are presented to a user counts as "deliberately choosing an insecure layout". I wonder how widely known it is that where you choose to install software (if you can) may have a direct impact on the security of the system?
Can confirm. If you're one of those weirdos who prefers to not be vulnerable to CVEs, and you've enabled the OPT-IN (🤔) fix that Microsoft released for CVE-2013-3900, you'll find that it's gone after upgrading to Win11. EnableCertPaddingCheck is gone, along with the parent keys.
PSA: Upgrading to #Windows11 wipes out security mitigations for CVE-2013-3900, meaning that if you upgrade you must re-apply said mitigations.
I mean, hell, even searching Google for "python" brings you to malware. Please, Google. Convince me that you're doing something about this. Anything at all.
Google: "We have robust policies prohibiting ads..." Translation: "We have rules written down somewhere that state 'thou shall not' under penalty of (??)" Google: "... and we enforce them vigorously" Translation: "We might get around to manually taking down violators eventually."
I'm continuing this thread to have a record of what Google ads link to what malware and when. And also to periodically check if they've done anything about it. Mute the thread if you already grok Google's business model of profiting from malware distribution.
If you're a poor sap that used Google to search for Blender, you'll probably have to scroll to get past the malware ads. Four out of the FOUR Ads for blender link to malware. That's 100%. A+!
How about @AMD or @nvidia? Even though NVIDIA pays Google Ad money, Google encourages visitors to go to malware-distributing site instead of the real company, listing the malware ad first. Presumably for reasons. Neat.
Some of the domain names aren't "obviously" malicious. e.g. the schumanlawfirm[.]com site that you get as an ad for "winrar" 🤔 It seems like a normal site. But when you view it with the Google Referer header, plus the appropriate utm_term value, you get the fake download site.
You also get the same schumanlawfirm[.]com malware site when you search for 7-zip. And it still serves up the WinRAR-branded malware. "I don't click ads" "I wouldn't fall for this" "I use an ad blocker" Congratulations? Some people do fall victim to this. It's a numbers game.
We're over 1 week into when I personally first started pulling this thread, and the Google malware ads are still going strong. Presumably it's been happening well before I started looking into it.
Google employee 1: www[.]homeforcutepets[.]com has paid us money to advertise their link for any time somebody searches for "winrar" This seems a bit... weird? Google employee 2: What part of "has paid us money" don't you understand? Google employee 1: Sorry. Let's promote it!
How about winrar (again)? Google ad for www[.]rajaimpexindo[.]com which redirects to rar-lab[.]top which has download w/ a VT detection rate of 0 But retrieves PowerShell from softs-lab[.]ru/winrar.gpg which installs GPG and decrypts bad stuff w/ password of "putingod"
It would be useful to know all the targeted #GoogleAdMalware ad words. But TBH, I'm just picking some apps that I think are popular, and/or ones that @malwrhunterteam mentions. Google might be doing *something* about it, but it's not enough to be noticeable. The ads are bad. 🤦‍♂️
And while the #GoogleAdMalware download for Visual Studio Code gets 10 detections on VirusTotal, the malicious fake WinRAR installer still gets ZERO detections, despite being first submitted two days ago. Google is still promoting malware. AV isn't detecting things. Good luck? 🤷‍♂️
I've heard a rumor that Google is trying to do something about the #GoogleAdMalware problem. However, as a member of the unwashed masses and I see THREE malicious Blender ads before the legitimate site ad is listed, I remain firmly in the "I'll believe it when I see it" camp.
The next time my Twitter feed spontaneously switches to "For You" is probably when I'm done with this site.
If you want to see this happen yourself, it's quite easy: 1) Close your browser 2) Go back to twitter.com 3) Look at whether you're still seeing "Following" or not Leon and the handful of remaining Twitter employees don't give a shit about what you want to see.
Just normal Twitter stuff going on here. Everything is fine.
Hi-larious. I suggested that Bugcrowd triage likely didn't even read the report that I sent in. The response: I'm basically now on double-secret probation, all while avoiding answering my concerns. How do people even deal with using these awful sites?