| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAD6s_XshssVh2En+yfcyWeaw_D_On11OQcqGSrR3L3dfm=Fecg@mail.gmail.com>
Date: Tue, 14 Aug 2012 00:02:10 +0200
From: Christian Sciberras <uuf6429@...il.com>
To: Gynvael Coldwind <gynvael@...dwind.pl>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: DLL Hijacking Against Installers In Browser
Download Folders for Phish and Profit
I've got two concerns about this:
1. Either way you put it, I can't see how one can make a convincing
argument out of downloading a DLL file.
Asking laymen, they'd ask "what's a dll for? weren't updates done with
exe/msi/etc? why's it got that funny icon?"
2. I'm a bit curious about your choice of code, and why you commented out
exit(0); (what's the point anyway?)
Cheers,
Chris.
On Mon, Aug 13, 2012 at 7:19 PM, Gynvael Coldwind <gynvael@...dwind.pl>wrote:
> Well, what can I say - your write up is accurate.
>
> Though last time I've seen it, around 5 years ago, it was still called
> DLL spoofing and not DLL hijacking, and was one of the arguments why
> "carpet bombing" (automatic download) in Safair/Chrome must be fixed
> :)
> E.g. http://gynvael.coldwind.pl/?id=55
>
> --
> gynvael.coldwind//vx
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists