Posts Tagged ‘Python’
Tuesday, July 16, 2013 @ 03:07 PM gHale
Although Macs have been out of the malware picture for quite a while, there is now a piece of malicious software targeting Mac devices.
An interesting aspect of Backdoor:Python/Janicab.A is that the file hiding the malware uses the right-to-left override (RLO) character to mask its extension, said researchers at F-Secure.
The Unicode RLO character supports languages written right to left, such as Hebrew or Arabic. However, malware developers have been abusing it to mask the extensions of malicious files.
In the case of the Mac malware analyzed by F-Secure, the malicious file has the .app extension (RecentNews.fdp.app). However, because the RLO trick is in play and the Unicode character is placed before the “f,” the file name displays as RecentNews.ppa.pdf.
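As an added example (not code from F-Secure or the original post), the following Python sketch flags file names that contain bidirectional control characters and compares the extension the operating system acts on with the one a user would see. The function names and the simplified rendering rule are assumptions of this example.

```python
import os

# Unicode bidirectional formatting characters; all are invisible when rendered.
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF", "\u202d": "LRO",
    "\u202e": "RLO", "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI",
    "\u2069": "PDI", "\u200e": "LRM", "\u200f": "RLM",
}

def approx_display(name):
    """Approximate the rendered name: characters after RLO are drawn in
    reverse until PDF or end of string. A simplification, not full UAX #9."""
    shown, run, overriding = [], [], False
    for ch in name:
        if ch == "\u202e":            # RLO starts a reversed run
            overriding = True
        elif ch == "\u202c" and overriding:  # PDF ends the reversed run
            shown.extend(reversed(run))
            run, overriding = [], False
        elif ch in BIDI_CONTROLS:      # other controls are invisible
            continue
        elif overriding:
            run.append(ch)
        else:
            shown.append(ch)
    shown.extend(reversed(run))
    return "".join(shown)

def inspect_name(name):
    """Compare the extension the OS acts on with the one a user would see."""
    controls = [(i, BIDI_CONTROLS[ch]) for i, ch in enumerate(name) if ch in BIDI_CONTROLS]
    real_ext = "".join(c for c in os.path.splitext(name)[1] if c not in BIDI_CONTROLS)
    shown = approx_display(name)
    shown_ext = os.path.splitext(shown)[1]
    return {"controls": controls, "real_ext": real_ext.lower(), "shown": shown,
            "shown_ext": shown_ext.lower(),
            "mismatch": bool(controls) and real_ext.lower() != shown_ext.lower()}

# Constructed sample names; the first is the file name reported on this page.
SAMPLES = ["RecentNews.\u202efdp.app", "Report.pdf", "\u05d3\u05d5\u05d7.pdf"]

if __name__ == "__main__":
    for n in SAMPLES:
        r = inspect_name(n)
        verdict = "SUSPICIOUS" if r["mismatch"] else "ok"
        print(f"{verdict:10} real={r['real_ext']!r} shown={r['shown']!r} controls={r['controls']}")
```

The third sample is a Hebrew file name with no control characters, which shows that legitimate right-to-left text is not flagged; only the invisible override characters are.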
Once launched, the malware drops a decoy document. In the meantime, it creates a cron job for its launch point, and a hidden folder where it stores its components.
The malware gets its command server’s address from YouTube videos and other websites.
Its main goal is to take screenshots and record audio by using a third-party application called SoX.
Janicab.A’s code is written in Python, it uses py2app for distribution, and it was signed with an Apple Developer ID.
Friday, April 13, 2012 @ 05:04 PM gHale
Python developers released updates for Python 2.7 and 3.2 with changes that address several security issues, including two fixes for hash collision problems.
The flaw allows attackers to craft key/value data so the hashes for the keys are more likely to collide. This forces the system to spend much more time when creating key/value hash tables, which can then be used in a denial-of-service attack.
A user can avoid the issue by using a randomized hash function, now implemented in the four currently supported versions of Python. One fix corrects Python’s own hashing, while another fix corrects the same issue in the C-based Expat XML parsing library embedded in Python.
Python developers said that, to avoid breaking applications which rely on the order of dictionary iteration, they have made hash randomization disabled by default. The Python language makes no guarantees on the order of dictionaries and sets, but that order has not changed for some time and a number of applications may rely on it, the developers said. To enable hash randomization, users must add -R to the python command line or set the environment variable PYTHONHASHSEED to “random.” The Expat XML parsing library is hash randomized by default.
Also fixed: an unrelated denial-of-service issue in the Simple XML-RPC Server with Python, where excessive CPU usage could occur if a request was begun but the connection was closed before the request body was completely sent. Finally, a countermeasure against the CBC IV attacks on SSL 3.0 and TLS 1.0 that is incorporated into OpenSSL is now back on in Python, after officials discovered the coders had inadvertently disabled the countermeasure when setting options.
Further details on the fixes in Python 2.7.3, the current stable Python 2.x version, and Python 3.2.3, the current stable Python 3.x version, are available. Windows and Mac OS X installers and source code for both these versions are available for download. The fixes are also available for Python 2.6.8, which is in source-code-only, security-fix-only mode ahead of its retirement in October 2013, and Python 3.1.5, which is in the same mode and due for retirement in 2014.