[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <22C2BC5EBEFA4F06B812F48B39C1C285@acros.si>
Date: Fri, 16 Sep 2011 00:05:06 +0200
From: "ACROS Security Lists" <lists@...os.si>
To: "'adam'" <adam@...sy.net>
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: Re: Microsoft's Binary Planting Clean-Up Mission
Hi Adam,
I'm afraid you don't fully understand the issue. This is not about placing your own
DLL on a local machine so that a chosen application will load it (i.e., user
"attacking" an application on his own computer). It is about an application running
on your computer silently grabbing a malicious DLL from attacker-controlled location
- possibly on a remote share - and executing its code (i.e., attacker with zero
privileges on user's computer executing code on that computer).
I hope this helps a little.
Cheers,
Mitja
> -----Original Message-----
> From: iarethebest@...il.com [mailto:iarethebest@...il.com] On
> Behalf Of adam
> Sent: Thursday, September 15, 2011 11:26 PM
> To: Thor (Hammer of God)
> Cc: security@...ossecurity.com; Christian Sciberras;
> full-disclosure@...ts.grok.org.uk; bugtraq@...urityfocus.com
> Subject: Re: [Full-disclosure] Microsoft's Binary Planting
> Clean-Up Mission
>
> Plus: pretending that you're on the same page as Microsoft
> (from a security standpoint) to further your own argument is
> more damaging than it is beneficial. The entire "binary
> planting" concept was flawed from the very beginning. If you
> can drop a binary file on a user's machine - make it an
> executable and be done with it. There's nothing fancy or
> innovative about forcing applications to use specific DLLs -
> script kiddies have been doing it for over 10 years to inject
> custom code in multiplayer games.
>
> On Thu, Sep 15, 2011 at 3:59 PM, Thor (Hammer of God)
> <thor@...merofgod.com> wrote:
>
>
> I'm curious. Who is your contact at MSFT? Who is it
> that has told you they have a "Binary Planting Clean-up
> Mission" and where do they mention you as having anything to
> do with it?
>
> If you are going to claim MSFT's actions as substantive
> to your agenda, how about provide some details?
>
> t
>
> > -----Original Message-----
> > From: ACROS Security Lists [mailto:lists@...os.si]
> > Sent: Thursday, September 15, 2011 1:41 PM
> > To: 'Christian Sciberras'
> > Cc: Thor (Hammer of God); full-disclosure@...ts.grok.org.uk;
> > bugtraq@...urityfocus.com
>
> > Subject: RE: [Full-disclosure] Microsoft's Binary
> Planting Clean-Up Mission
> >
>
> > Hey Chris,
> >
> > > I bet Microsoft actually like stating they just
> fixed yet another
> > > severe bug.
> > > Zero-day fixing is big business, you know....even if "zero"
> > > is past a few "days".
> >
> > I don't think Microsoft gains much from being able to
> say they fixed yet
> > another bug
> > - maybe if it were a bug they found internally and
> fixed proactively, but not
> > like this. And I'm sure they'd rather be doing
> something else than fixing:
> > fixing a product costs a lot, and it generates no revenue.
> >
> > Cheers,
> > Mitja
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists