| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: randnut at hotmail.com (first last) Subject: Re: Round One: "DLL Proxy" Attack Easily Hijacks SSL From Internet Explorer >Summary: >A LoadLibrary / LoadLibraryEx weakness makes SSL on Internet Explorer very >vulnerable to a “DLL proxy” attack. If exploited, unencrypted data can be >intercepted before Internet Explorer (IE) uses the SSL module to encrypt >the >data. Therefore, confidential information such as bank accounts and >passwords could be stolen. Many applications are vulnerable to “DLL proxy” >attack with different ramifications. This is OLD news. Where have you been? It's been used for as long as LoadLibrary has existed by programs monitoring other programs. There are dozens of other ways of reading data from another program before and after data is encrypted/decrypted. I could write a dozen similar advisories and post them here and to BugTraq but I won't because they're OLD news. >Vendor Status: >Microsoft was informed of this weakness in December 2003. As of February 5, >2004, Microsoft has not provided any indication that they intend to provide >any remedies for the affected Windows configurations. Of course they won't because this is OLD news. The subject of your email is "Round One," so I hope your next rounds will have some new information. _________________________________________________________________ Get some great ideas here for your sweetheart on Valentine's Day - and beyond. http://special.msn.com/network/celebrateromance.armx
Powered by blists - more mailing lists