what the..? gl0w0rm you don't know shiit bout nothin. keep hollerin at yo boys at HF, cause them cats is legit leet, bra.

On Sep 3, 2011 4:00 AM, <[email protected]> wrote:
> Today's Topics:
>
>    1. Re: Cybsec Advisory 2011 0901 Windows Script Host DLL
>       Hijacking (GloW - XD)
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sat, 3 Sep 2011 11:15:50 +1000
> From: GloW - XD <[email protected]>
> Subject: Re: [Full-disclosure] Cybsec Advisory 2011 0901 Windows
>         Script Host DLL Hijacking
> To: Mario Vilas <[email protected]>
> Cc: [email protected]
> Message-ID:
>         <CALCvwp7VqDQ-9wzuSNSFF6QgaDgTPRh=FXU47RUsj987NT2w=a...@mail.gmail.com>
> Content-Type: text/plain; charset="windows-1252"
>
> I must agree, considering I have yet to see it used in even botnet circles,
> who would surely have used a decent local exploit if it was 'decent'... I
> know this dll hijacking, has gone unpassed to the community in general
> because of its uselessness.
> I agree completely, I never have seen this actively exploited, nor part of a
> decent framework where it can be used in a remote or local session
> Basically, it is something to which I read the PDF on, and thought "here is
> the most useless 'exploit' as it was being called, I have ever, laid eyes
> on", my opinion still has yet to be changed by any factor, there could be
> many factors, ie: exploitation even in the wild reported, or just someone
> saying "hey don't forget blah.c!", but this ain't happened, nor will... "hey
> wanna read msdn and look and see how a lib is loaded" would make more sense.
> I still don't see anything 'good' in this whole fiasco of the dll hijacking.
> no active code/poc. etc etc etc.... as I said, many factors I'd reconsider my
> stance on...
> anyhow, enjoyable topic.
> xd
>
> On 3 September 2011 11:03, Mario Vilas <[email protected]> wrote:
>
>> I disagree. If this so called "vulnerability" had any added value in terms
>> of social engineering, it would actually make sense to report it. Social
>> engineering isn't "bad", I really don't care how "leet" it is. My claim is
>> simpler: this advisory makes no sense at all, because it replaces an easy
>> way of exploitation for a hard way of exploitation, so its added value is
>> actually *negative* for the attacker.
>>
>> Most likely whoever found this is new in the infosec world and never
>> stopped to consider these details - he/she just blindly repeated what the
>> dll injection crowd was doing and posted whatever results were found,
>> without understanding really well what was going on.
>>
>> And THAT is the state of infosec today. People who report stuff for the
>> sake of reporting, without really understanding how things work or why.
>>
>> On Fri, Sep 2, 2011 at 11:46 PM, <[email protected]> wrote:
>>
>>> On Fri, 02 Sep 2011 20:55:35 -0000, "Thor (Hammer of God)" said:
>>>
>>> > LOL. "Warning, if you get the user to execute code, then it is
>>> > possible to get the user to execute code!! All you have to do is get
>>> > files on their system, and then get them to execute those files! Note
>>> > that once you get the user to execute the code, it will actually run
>>> > in the context of that user!! This is remote code execution
>>> > vulnerability!"
>>>
>>> > Welcome to today's Infosec!
>>>
>>> The sad part is that this is the future of infosec as well. Microsoft got
>>> the security religion a few years back, and even I have to admit their
>>> current stuff isn't that bad at all. The various Linux distros are
>>> (slowly) getting their acts together, and maybe even Apple and Adobe will
>>> see the light sometime reasonably soon. Yes, there will still be software
>>> failures - but once the effort of finding a new 0-day reaches a certain
>>> point, the economics change....
>>>
>>> And once that happens, social engineering will become an even bigger part
>>> of both the attack and defense sides of infosec. For the black hats, the
>>> cost/benefit of looking for effective 0-day holes will continue to drop,
>>> while the cost/benefit of phishing a user will remain steady - so that's
>>> a push towards more social engineering. Why go to the effort of spending
>>> 3 months finding a browser bug that allows you to push malware to the
>>> victim's machine, when you can just spend 45 minutes creating a "Your
>>> machine is infected - click here to fix it" pop-up that will catch 80% of
>>> the people?
>>>
>>> Meanwhile, as the software gets more hardened and patching is more
>>> automated, the white hats will find a bigger percent of their time is
>>> spent defending their systems from attacks triggered by their own users.
>>> Because the failure rate of people's brains is already about 4.7*10**9
>>> times as high as the software failure rate, and the ratio is only getting
>>> worse - software is improving, people aren't.
>>>
>>> Prediction 1: 10 years from now, organized crime will be hiring cognitive
>>> psychologists to help design more effective phish the way they currently
>>> hire programmers to write better spambots.
>>>
>>> Prediction 2: It ain't gonna get better till the average IQ starts going
>>> up faster than the software improves.
>>>
>>
>> --
>> "There's a reason we separate military and the police: one fights the enemy
>> of the state, the other serves and protects the people. When the military
>> becomes both, then the enemies of the state tend to become the people."
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>
> ------------------------------
>
> End of Full-Disclosure Digest, Vol 79, Issue 6
> **********************************************
