Date: Sat, 3 Sep 2011 04:16:00 -0700
From: Tomm Foo <bl4kjeebus121@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Full-Disclosure Digest, Vol 79, Issue 6

what the..? gl0w0rm you dont know shiit bout nothin. keep hollerin at yo
boys at HF, cause them cats is legit leet, bra.
On Sep 3, 2011 4:00 AM, <full-disclosure-request@...ts.grok.org.uk> wrote:
> Today's Topics:
>
> 1. Re: Cybsec Advisory 2011 0901 Windows Script Host DLL
> Hijacking (GloW - XD)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sat, 3 Sep 2011 11:15:50 +1000
> From: GloW - XD <doomxd@...il.com>
> Subject: Re: [Full-disclosure] Cybsec Advisory 2011 0901 Windows
> Script Host DLL Hijacking
> To: Mario Vilas <mvilas@...il.com>
> Cc: full-disclosure@...ts.grok.org.uk
> Message-ID:
> <CALCvwp7VqDQ-9wzuSNSFF6QgaDgTPRh=FXU47RUsj987NT2w=A@...l.gmail.com>
> Content-Type: text/plain; charset="windows-1252"
>
> I must agree, considering I have yet to see it used in even botnet
> circles, who would surely have used a decent local exploit if it was
> 'decent'... I know this dll hijacking, has gone unpassed to the community
> in general because of its uselessness.
> I agree completely, I never have seen this actively exploited, nor part of
> a decent framework where it can be used in a remote or local session.
> Basically, it is something to which I read the PDF on, and thought "here is
> the most useless 'exploit' as it was being called, I have ever, laid eyes
> on", my opinion still has yet to be changed by any factor, there could be
> many factors, ie: exploitation even in the wild reported, or just someone
> saying "hey don't forget blah.c!", but this ain't happened, nor will...
> "hey wanna read msdn and look and see how a lib is loaded" would make more
> sense.
> I still don't see anything 'good' in this whole fiasco of the dll
> hijacking. no active code/poc. etc etc etc.... as I said, many factors I'd
> reconsider my stance on...
> anyhow, enjoyable topic.
> xd
>
>
> On 3 September 2011 11:03, Mario Vilas <mvilas@...il.com> wrote:
>
>> I disagree. If this so called "vulnerability" had any added value in
>> terms of social engineering, it would actually make sense to report it.
>> Social engineering isn't "bad", I really don't care how "leet" it is. My
>> claim is simpler: this advisory makes no sense at all, because it replaces
>> an easy way of exploitation for a hard way of exploitation, so its added
>> value is actually *negative* for the attacker.
>>
>> Most likely whoever found this is new in the infosec world and never
>> stopped to consider these details - he/she just blindly repeated what the
>> dll injection crowd was doing and posted whatever results were found,
>> without understanding really well what was going on.
>>
>> And THAT is the state of infosec today. People who report stuff for the
>> sake of reporting, without really understanding how things work or why.
>>
>> On Fri, Sep 2, 2011 at 11:46 PM, <Valdis.Kletnieks@...edu> wrote:
>>
>>> On Fri, 02 Sep 2011 20:55:35 -0000, "Thor (Hammer of God)" said:
>>>
>>> > LOL. "Warning, if you get the user to execute code, then it is
>>> > possible to get the user to execute code!! All you have to do is get
>>> > files on their system, and then get them to execute those files! Note
>>> > that once you get the user to execute the code, it will actually run
>>> > in the context of that user!! This is remote code execution
>>> > vulnerability!"
>>>
>>> > Welcome to today's Infosec!
>>>
>>> The sad part is that this is the future of infosec as well. Microsoft
>>> got the security religion a few years back, and even I have to admit
>>> their current stuff isn't that bad at all. The various Linux distros are
>>> (slowly) getting their acts together, and maybe even Apple and Adobe will
>>> see the light sometime reasonably soon. Yes, there will still be software
>>> failures - but once the effort of finding a new 0-day reaches a certain
>>> point, the economics change....
>>>
>>> And once that happens, social engineering will become an even bigger part
>>> of both the attack and defense sides of infosec. For the black hats, the
>>> cost/benefit of looking for effective 0-day holes will continue to drop,
>>> while the cost/benefit of phishing a user will remain steady - so that's
>>> a push towards more social engineering. Why go to the effort of spending
>>> 3 months finding a browser bug that allows you to push malware to the
>>> victim's machine, when you can just spend 45 minutes creating a "Your
>>> machine is infected - click here to fix it" pop-up that will catch 80% of
>>> the people?
>>>
>>> Meanwhile, as the software gets more hardened and patching is more
>>> automated, the white hats will find a bigger percent of their time is
>>> spent defending their systems from attacks triggered by their own users.
>>> Because the failure rate of people's brains is already about 4.7*10**9
>>> times as high as the software failure rate, and the ratio is only getting
>>> worse - software is improving, people aren't.
>>>
>>> Prediction 1: 10 years from now, organized crime will be hiring cognitive
>>> psychologists to help design more effective phish the way they currently
>>> hire programmers to write better spambots.
>>>
>>> Prediction 2: It ain't gonna get better till the average IQ starts going
>>> up faster than the software improves.
>>>
>>>
>>
>>
>> --
>> "There's a reason we separate military and the police: one fights the
>> enemy of the state, the other serves and protects the people. When the
>> military becomes both, then the enemies of the state tend to become the
>> people."
>>
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>