lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAExQ7uKft=dqK81zGA8QYLGYERX_gMux1wH=rxCE+r9AE3c1vw@mail.gmail.com>
Date: Thu, 15 Sep 2011 17:27:25 -0500
From: adam <adam@...sy.net>
To: security@...ossecurity.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: Re: Microsoft's Binary Planting Clean-Up Mission

>>I'm afraid you don't fully understand the issue. This is not about placing
your own
>>DLL on a local machine so that a chosen application will load it (i.e.,
user
>>"attacking" an application on his own computer).

I'm not sure you understood the point. That being, whether the user
knowingly or unknowingly loads the "malicious" DLL - the application will be
effected the same either way. To that point: it's been possible for over a
decade (and perhaps even longer) so pretending that it's some brand new
threat that needs to be dealt with immediately is foolish.

>>possibly on a remote share - and executing its code (i.e., attacker with
zero
>>privileges on user's computer executing code on that computer).

Zero privileges? So having write access to a share that the user
accesses/loads files from - what do you call that? This is a social
engineering attack - absolutely nothing more.

On a related note: have you also contacted Linus about LD_PRELOAD?

On Thu, Sep 15, 2011 at 5:05 PM, ACROS Security Lists <lists@...os.si>wrote:

> Hi Adam,
>
> I'm afraid you don't fully understand the issue. This is not about placing
> your own
> DLL on a local machine so that a chosen application will load it (i.e.,
> user
> "attacking" an application on his own computer). It is about an application
> running
> on your computer silently grabbing a malicious DLL from attacker-controlled
> location
> - possibly on a remote share - and executing its code (i.e., attacker with
> zero
> privileges on user's computer executing code on that computer).
>
> I hope this helps a little.
>
> Cheers,
> Mitja
>
>
> > -----Original Message-----
> > From: iarethebest@...il.com [mailto:iarethebest@...il.com] On
> > Behalf Of adam
> > Sent: Thursday, September 15, 2011 11:26 PM
> > To: Thor (Hammer of God)
> > Cc: security@...ossecurity.com; Christian Sciberras;
> > full-disclosure@...ts.grok.org.uk; bugtraq@...urityfocus.com
> > Subject: Re: [Full-disclosure] Microsoft's Binary Planting
> > Clean-Up Mission
> >
> > Plus: pretending that you're on the same page as Microsoft
> > (from a security standpoint) to further your own argument is
> > more damaging than it is beneficial. The entire "binary
> > planting" concept was flawed from the very beginning. If you
> > can drop a binary file on a user's machine - make it an
> > executable and be done with it. There's nothing fancy or
> > innovative about forcing applications to use specific DLLs -
> > script kiddies have been doing it for over 10 years to inject
> > custom code in multiplayer games.
> >
> > On Thu, Sep 15, 2011 at 3:59 PM, Thor (Hammer of God)
> > <thor@...merofgod.com> wrote:
> >
> >
> >       I'm curious.  Who is your contact at MSFT?  Who is it
> > that has told you they have a "Binary Planting Clean-up
> > Mission" and where do they mention you as having anything to
> > do with it?
> >
> >       If you are going to claim MSFT's actions as substantive
> > to your agenda, how about provide some details?
> >
> >       t
> >
> >       > -----Original Message-----
> >       > From: ACROS Security Lists [mailto:lists@...os.si]
> >       > Sent: Thursday, September 15, 2011 1:41 PM
> >       > To: 'Christian Sciberras'
> >       > Cc: Thor (Hammer of God); full-disclosure@...ts.grok.org.uk;
> >       > bugtraq@...urityfocus.com
> >
> >       > Subject: RE: [Full-disclosure] Microsoft's Binary
> > Planting Clean-Up Mission
> >       >
> >
> >       > Hey Chris,
> >       >
> >       > > I bet Microsoft actually like stating they just
> > fixed yet another
> >       > > severe bug.
> >       > > Zero-day fixing is big business, you know....even if "zero"
> >       > > is past a few "days".
> >       >
> >       > I don't think Microsoft gains much from being able to
> > say they fixed yet
> >       > another bug
> >       > - maybe if it were a bug they found internally and
> > fixed proactively, but not
> >       > like this. And I'm sure they'd rather be doing
> > something else than fixing:
> >       > fixing a product costs a lot, and it generates no revenue.
> >       >
> >       > Cheers,
> >       > Mitja
> >
> >       _______________________________________________
> >       Full-Disclosure - We believe in it.
> >       Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >       Hosted and sponsored by Secunia - http://secunia.com/
> >
> >
> >
> >
>
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ