August 02, 2009: Blue Moon Consulting sent a draft advisory to VNCERT.
August 07, 2009: Blue Moon Consulting showed the proof of concept exploit under close observation of VNCERT and Ministry of Information and Communications.
August 09, 2009: Nguyen Minh Duc from BKAV requested us to provide technical details prior to the emergency meeting called for by VNCERT.
August 10, 2009: Blue Moon Consulting requested to discuss with BKAV at the meeting.
August 10, 2009: Ministry of Information and Communications held an emergency meeting comprising of representatives from the Ministry, VNCERT, VNISA, Blue Moon Consulting, and BKAV to verify the vulnerability in an independent environment. BKAV refused to attend the meeting.
In the mean time waiting for this vulnerability to be fixed, Bkis recommends
that users all over the world stop using face authentication to log in their
laptops.
Credit
Thanks Le Nhat Minh, Nguyen Minh Duc, Bui Quang Minh, Le Minh Hung.
----------------------------------------------------------------
Security Vulnerability Research Team (SVRT-Bkis)
Bach Khoa Internetwork Security Center (Bkis)
