lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 14 Aug 2012 00:02:10 +0200
From: Christian Sciberras <uuf6429@...il.com>
To: Gynvael Coldwind <gynvael@...dwind.pl>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: DLL Hijacking Against Installers In Browser
 Download Folders for Phish and Profit

I've got two concerns about this:


1. Either way you put it, I can't see how one can make a convincing
argument out of downloading a DLL file.
Asking laymen, they'd ask "what's a dll for? weren't updates done with
exe/msi/etc? why's it got that funny icon?"

2. I'm a bit curious about your choice of code, and why you commented out
exit(0); (what's the point anyway?)


Cheers,
Chris.




On Mon, Aug 13, 2012 at 7:19 PM, Gynvael Coldwind <gynvael@...dwind.pl>wrote:

> Well, what can I say - your write up is accurate.
>
> Though last time I've seen it, around 5 years ago, it was still called
> DLL spoofing and not DLL hijacking, and was one of the arguments why
> "carpet bombing" (automatic download) in Safair/Chrome must be fixed
> :)
> E.g. http://gynvael.coldwind.pl/?id=55
>
> --
> gynvael.coldwind//vx
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists