CVE-2019-8936

[mcc85]

CVE-2019-8936
https://vuxml.FreeBSD.org/freebsd/c2576e14-36e2-11e9-9eda-206a8a720317.html

This vulnerability was reported on 01-15-2019, I'm the one who reported it. Why? Because someone didn't like the project I was working on, and someone encrypted all of the data on the two systems that I had connected to. They used port 3389 and then jacked into my network by tagging along the session I had opened, even after I had closed the port back off after I was able to turn on my internal remote access program.

I don't see a forum thread here that deals with specific network vulnerabilities such as this, but I can tell you that someone at Microsoft does not like what I've been up to. Here's my proof....

-------------------

I made this video on January 25th, on that very network I mentioned above, that is, after I had to restore all of my content and scripts and image files and everything else. It was a hard lesson learned, but hey, I managed to get it all back up and running within 10 days alongside another large project I had on my hands, then shared the video once I felt it was capable of being a proof of concept.

https://www.youtube.com/watch?v=5Cyp3pqIMRs  [Look at the date I uploaded this project]

The very next day, January 26th, Michael Neihaus, posted an update referencing the Microsoft Deployment Toolkit.

https://blogs.technet.microsoft.com/mniehaus/      [Look at the date of the MDT update/Comments locked]

Coincidence? I think not. Some nefarious party has been relentlessly attacking my networks and I have been checking my security audits several times a day to make sure that I can find out who's doing this.

---------------

I've deduced it to a few culprits, like the authors of the book "Deployment Essentials"... Why?

I'm looking to make WaaS/SaaS for free, without malicious Microsoft Store applications which track everything you do with your system at all times. The reason I went with a FreeBSD port is because I know that even with it's fair share of problems, the developers of this project know what they're doing and made the most reliable enterprise grade firmware I have ever seen... why? Because they didn't ask for a dime to provide it.

If my project sounds a little too good to be true until I actually have a product to distribute, well I can tell you that my conviction will inevitably override the doubt of many... because I do what I'm doing for the same reason this project is also freely available. Because it's a sign of spiritual strength and integrity. AND, because I believe in what Gary Kildall originally built, not what Bill Gates coerced Paul Allen to reverse engineer.

[mcc85]

By the way, I had process hacker after I posted this information on my Facebook page, and you know what came up on my screen a couple times showing up as red? SDX Helper.

https://www.google.com/search?q=sdx+helper&rlz=1C1GCEU_enUS839US839&oq=sdx+helper&aqs=chrome..69i57j0l5.2751j0j7&sourceid=chrome&ie=UTF-8

[mcc85]

www.securedigitsplus.com

This is what I'm after.

[franco]

Thanks, CVE-2019-8936 will be addressed in 19.1.4 next week.


Cheers,
Franco