| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 20 Feb 2012 16:32:14 -0500 From: Jeffrey Walton <noloader@...il.com> To: Kyle Creyts <kyle.creyts@...il.com> Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com, cert@...t.org Subject: Re: Downloads Folder: A Binary Planting Minefield On Sat, Feb 18, 2012 at 4:00 PM, Kyle Creyts <kyle.creyts@...il.com> wrote: > Did this talk _really_ get accepted at RSA? Wow. While other conferences might be more appropriate, the acceptance underlines the problem with insecure library loading on Windows. Its still a big problem. Windows is not alone, and Linux suffers similar. See Tim Brown's "Breaking the links: Exploiting the linker," www.nth-dimension.org.uk/pub/BTL.pdf. Jeff > On Feb 17, 2012 11:41 AM, "ACROS Security Lists" <lists@...os.si> wrote: >> >> >> This blog post reveals a bit of our research and provides an advance >> notification of >> a largely unknown remote exploit technique on Windows. More importantly, >> it provides >> instructions for protecting your computers from this technique while >> waiting for the >> affected software to correct its behavior. >> >> >> http://blog.acrossecurity.com/2012/02/downloads-folder-binary-planting.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists