lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Sun, 4 Sep 2011 07:00:38 +1000
From: GloW - XD <doomxd@...il.com>
To: Tomm Foo <bl4kjeebus121@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Full-Disclosure Digest, Vol 79, Issue 6

eh, you got the wrong w0rmie. and i dont kno what a HF is even.
have a nice day dude, but you have the wrong person.. my nickname has never
been that. either way, show me some proof of this dll hijacking thats useful
, ?? and you would then 'know more', than me.. tell me something i dont
know.
xd

and kid, growup.


On 3 September 2011 21:16, Tomm Foo <bl4kjeebus121@...il.com> wrote:

> what the..? gl0w0rm you dont know shiit bout nothin. keep hollerin at yo
> boys at HF, cause them cats is legit leet, bra.
> On Sep 3, 2011 4:00 AM, <full-disclosure-request@...ts.grok.org.uk> wrote:
> > Send Full-Disclosure mailing list submissions to
> > full-disclosure@...ts.grok.org.uk
> >
> > To subscribe or unsubscribe via the World Wide Web, visit
> > https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> > or, via email, send a message with subject or body 'help' to
> > full-disclosure-request@...ts.grok.org.uk
> >
> > You can reach the person managing the list at
> > full-disclosure-owner@...ts.grok.org.uk
> >
> > When replying, please edit your Subject line so it is more specific
> > than "Re: Contents of Full-Disclosure digest..."
> >
> >
> > Note to digest recipients - when replying to digest posts, please trim
> your post appropriately. Thank you.
> >
> >
> > Today's Topics:
> >
> > 1. Re: Cybsec Advisory 2011 0901 Windows Script Host DLL
> > Hijacking (GloW - XD)
> >
> >
> > ----------------------------------------------------------------------
> >
> > Message: 1
> > Date: Sat, 3 Sep 2011 11:15:50 +1000
> > From: GloW - XD <doomxd@...il.com>
> > Subject: Re: [Full-disclosure] Cybsec Advisory 2011 0901 Windows
> > Script Host DLL Hijacking
> > To: Mario Vilas <mvilas@...il.com>
> > Cc: full-disclosure@...ts.grok.org.uk
> > Message-ID:
> > <CALCvwp7VqDQ-9wzuSNSFF6QgaDgTPRh=FXU47RUsj987NT2w=A@...l.gmail.com>
> > Content-Type: text/plain; charset="windows-1252"
> >
> > I must agree, considering i have yet to see it used in even botnet
> circles,
> > who would surely have used a decent local exploit if it was 'decent'... I
> > know this dll hijacking, has gone unpassed to the community in general
> > because of its useless ness.
> > I agree completely, i never have seen this actively exploited, nor part
> of a
> > decent framework where it can be used in a remote or local session
> > Basically, it is something to wich i read the PDF on, and thought "here
> is
> > the most useless 'exploit' as it was being called , i have ever, laid
> eyes
> > on" , my opinion still has yet to be changed by any factor, there could
> be
> > many factors, ie: exploitation even in the wild reported, or just someone
> > saying "hey dont forget blah.c!" , but this aint happened, nor will...
> "hey
> > wanna read msdn and look and see how a lib is loaded" would make more
> sense.
> > I still dont see anything 'good' in this whole fiasco of the dll
> hijacking.
> > no active code/poc. etc etc etc.... as i said, many factors id reconsider
> my
> > stance on...
> > anyhow, enjoyable topic.
> > xd
> >
> >
> > On 3 September 2011 11:03, Mario Vilas <mvilas@...il.com> wrote:
> >
> >> I disagree. If this so called "vulnerability" had any added value in
> terms
> >> of social engineering, it would actually make sense to report it. Social
> >> engineering isn't "bad", I really don't care how "leet" it is. My claim
> is
> >> simpler: this advisory makes no sense at all, because it replaces an
> easy
> >> way of exploitation for a hard way of exploitation, so its added value
> is
> >> actually *negative* for the attacker.
> >>
> >> Most likely whoever found this is new in the infosec world and never
> >> stopped to consider this details - he/she just blindly repeated what the
> dll
> >> injection crowd was doing and posted whatever results were found,
> without
> >> understanding really well what was going on.
> >>
> >> And THAT is the state of infosec today. People who report stuff for the
> >> sake of reporting, without really understanding how things work or why.
> >>
> >> On Fri, Sep 2, 2011 at 11:46 PM, <Valdis.Kletnieks@...edu> wrote:
> >>
> >>> On Fri, 02 Sep 2011 20:55:35 -0000, "Thor (Hammer of God)" said:
> >>>
> >>> > LOL. "Warning, if you get the user to execute code, then it is
> possible
> >>> to
> >>> > get the user to execute code!! All you have to do is get files on
> their
> >>> > system, and then get them to execute those files! Note that once you
> >>> get the
> >>> > user to execute the code, it will actually run in the context of that
> >>> user!!
> >>> > This is remote code execution vulnerability!"
> >>>
> >>> > Welcome to today's Infosec!
> >>>
> >>> The sad part is that this is the future of infosec as well. Microsoft
> got
> >>> the
> >>> security religion a few years back, and even I have to admit their
> current
> >>> stuff
> >>> isn't that bad at all. The various Linux distros are (slowly) getting
> >>> their
> >>> acts together, and maybe even Apple and Adobe will see the light
> sometime
> >>> reasonably soon. Yes, there will still be software failures - but once
> the
> >>> effort
> >>> of finding a new 0-day reaches a certain point, the economics
> change....
> >>>
> >>> And once that happens, social engineering will become an even bigger
> part
> >>> of
> >>> both the attack and defense sides of infosec. For the black hats, the
> >>> cost/
> >>> benefit of looking for effective 0-day holes will continue to drop,
> while
> >>> the
> >>> cost/benefit of phishing a user will remain steady - so that's a push
> >>> towards
> >>> more social engineering. Why go to the effort of spending 3 months
> finding
> >>> a
> >>> browser bug that allows you to push malware to the victim's machine,
> when
> >>> you
> >>> can just spend 45 minutes creating a "Your machine is infected - click
> >>> here to
> >>> fix it" pop-up that will catch 80% of the people?
> >>>
> >>> Meanwhile, as the software gets more hardened and patching is more
> >>> automated,
> >>> the white hats will find a bigger percent of their time is spent
> defending
> >>> their systems from attacks triggered by their own users. Because the
> >>> failure
> >>> rate of people's brains is already about 4.7*10**9 times as high as the
> >>> software failure rate, and the ratio is only getting worse - software
> is
> >>> improving, people aren't.
> >>>
> >>> Prediction 1: 10 years from now, organized crime will be hiring
> cognitive
> >>> psychologists to help design more effective phish the way they
> currently
> >>> hire
> >>> programmers to write better spambots.
> >>>
> >>> Prediction 2: It ain't gonna get better till the average IQ starts
> going
> >>> up faster
> >>> than the software improves.
> >>>
> >>>
> >>
> >>
> >> --
> >> ?There's a reason we separate military and the police: one fights the
> enemy
> >> of the state, the other serves and protects the people. When the
> military
> >> becomes both, then the enemies of the state tend to become the people.?
> >>
> >>
> >> _______________________________________________
> >> Full-Disclosure - We believe in it.
> >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >> Hosted and sponsored by Secunia - http://secunia.com/
> >>
> > -------------- next part --------------
> > An HTML attachment was scrubbed...
> > URL:
> http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20110903/c457282e/attachment-0001.html
> >
> > ------------------------------
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
> > End of Full-Disclosure Digest, Vol 79, Issue 6
> > **********************************************
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ