>>I'm afraid you don't fully understand the issue. This is not about placing your own >>DLL on a local machine so that a chosen application will load it (i.e., user >>"attacking" an application on his own computer).
I'm not sure you understood the point. That being, whether the user knowingly or unknowingly loads the "malicious" DLL - the application will be effected the same either way. To that point: it's been possible for over a decade (and perhaps even longer) so pretending that it's some brand new threat that needs to be dealt with immediately is foolish. >>possibly on a remote share - and executing its code (i.e., attacker with zero >>privileges on user's computer executing code on that computer). Zero privileges? So having write access to a share that the user accesses/loads files from - what do you call that? This is a social engineering attack - absolutely nothing more. On a related note: have you also contacted Linus about LD_PRELOAD? On Thu, Sep 15, 2011 at 5:05 PM, ACROS Security Lists <[email protected]>wrote: > Hi Adam, > > I'm afraid you don't fully understand the issue. This is not about placing > your own > DLL on a local machine so that a chosen application will load it (i.e., > user > "attacking" an application on his own computer). It is about an application > running > on your computer silently grabbing a malicious DLL from attacker-controlled > location > - possibly on a remote share - and executing its code (i.e., attacker with > zero > privileges on user's computer executing code on that computer). > > I hope this helps a little. > > Cheers, > Mitja > > > > -----Original Message----- > > From: [email protected] [mailto:[email protected]] On > > Behalf Of adam > > Sent: Thursday, September 15, 2011 11:26 PM > > To: Thor (Hammer of God) > > Cc: [email protected]; Christian Sciberras; > > [email protected]; [email protected] > > Subject: Re: [Full-disclosure] Microsoft's Binary Planting > > Clean-Up Mission > > > > Plus: pretending that you're on the same page as Microsoft > > (from a security standpoint) to further your own argument is > > more damaging than it is beneficial. The entire "binary > > planting" concept was flawed from the very beginning. If you > > can drop a binary file on a user's machine - make it an > > executable and be done with it. There's nothing fancy or > > innovative about forcing applications to use specific DLLs - > > script kiddies have been doing it for over 10 years to inject > > custom code in multiplayer games. > > > > On Thu, Sep 15, 2011 at 3:59 PM, Thor (Hammer of God) > > <[email protected]> wrote: > > > > > > I'm curious. Who is your contact at MSFT? Who is it > > that has told you they have a "Binary Planting Clean-up > > Mission" and where do they mention you as having anything to > > do with it? > > > > If you are going to claim MSFT's actions as substantive > > to your agenda, how about provide some details? > > > > t > > > > > -----Original Message----- > > > From: ACROS Security Lists [mailto:[email protected]] > > > Sent: Thursday, September 15, 2011 1:41 PM > > > To: 'Christian Sciberras' > > > Cc: Thor (Hammer of God); [email protected]; > > > [email protected] > > > > > Subject: RE: [Full-disclosure] Microsoft's Binary > > Planting Clean-Up Mission > > > > > > > > Hey Chris, > > > > > > > I bet Microsoft actually like stating they just > > fixed yet another > > > > severe bug. > > > > Zero-day fixing is big business, you know....even if "zero" > > > > is past a few "days". > > > > > > I don't think Microsoft gains much from being able to > > say they fixed yet > > > another bug > > > - maybe if it were a bug they found internally and > > fixed proactively, but not > > > like this. And I'm sure they'd rather be doing > > something else than fixing: > > > fixing a product costs a lot, and it generates no revenue. > > > > > > Cheers, > > > Mitja > > > > _______________________________________________ > > Full-Disclosure - We believe in it. > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > > Hosted and sponsored by Secunia - http://secunia.com/ > > > > > > > > > >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
