On Fri, Aug 27, 2010 at 1:51 AM, valdis.kletni...@vt.edu wrote:
On Fri, 27 Aug 2010 01:29:32 EDT, Dan Kaminsky said:
Again, let me emphasize. Really interesting vector, will probably end up
attached to an unambiguous flaw. But right now, we're just seeing flaws
along the lines of Double
Hi!
This may be of some interest to people on the list:
http://lcamtuf.blogspot.com/2010/08/on-designing-uis-for-non-robots.html
In general, there is a class of UI design problems that trace back to
the failure to account for the inherent limitations of human
cognition; the specific
Pavel, did you actually check out the PoC?
It actually invalidates your idea as well!
These UI issues remind me of how MSIE made the security UI work for ActiveX,
where you get a topbar as well, but clicking it would show a popup
instead of allowing the ActiveX.
As far as my mind goes, one
Clearly desktops need to be able to run arbitrary code. That’s what they’re
there for.
Why wouldn’t eliminating the CWD from the DLL search order fix the problem?
I asked Microsoft about this (
http://blogs.pcmag.com/securitywatch/2010/08/list_of_dll_vulnerability_wind.php)
and they said the
On Fri, 27 Aug 2010 07:20:22 EDT, Larry Seltzer said:
Why wouldn't eliminating the CWD from the DLL search order fix the problem?
I asked Microsoft about this (
http://blogs.pcmag.com/securitywatch/2010/08/list_of_dll_vulnerability_wind.php)
and they said the obvious answer, that it would
#1 in the DLL search list is the directory from which the program was
loaded. How can you have a scenario where CWD is a better choice than that?
Why would it be a good choice for DLL sharing?
Here’s another possibility for a Microsoft action. Add a search location 1.5
specified by the application
On Fri, Aug 27, 2010 at 9:10 AM, valdis.kletni...@vt.edu wrote:
On Fri, 27 Aug 2010 07:20:22 EDT, Larry Seltzer said:
Why wouldn't eliminating the CWD from the DLL search order fix the
problem?
I asked Microsoft about this (
Well, if I pull out the crystal ball, I see two possibilities:
1) Patch goes out, implementing this policy
2) 1% of customers go dark
3) That's a WHOLE BUNCH OF CUSTOMERS WHO DISABLE WINDOWS UPDATE
1) Patch goes out, off by default
2) 0% of customers turn it on
3) That's a MEANINGLESS REGISTRY
h0h0h0. There be history, Larry.
Short version: Go see how many DLLs exist outside of c:\windows\system32.
Look, ye mighty, and despair when you realize all those apps would be broken
by CWD DLL blocking.
Longer version:
Unix has always had the tradition of a system administrator. When it
while there's probably an actual vuln somewhere using this
methodology, nothing's been found yet
Do you really think so?
Having any kind of executable load the first ntoskernel.dll it finds,
such as the innocent one in its own directory, isn't really wise...
On Fri, Aug 27, 2010 at
On Fri, 27 Aug 2010 10:13:21 EDT, Dan Kaminsky said:
Oh, come on. MS puts more effort into delivering a secure platform than
pretty much anyone at this point. They're just not the low hanging fruit
they once were.
Oh, I'll grant you that, they *have* done a great job in the past few years,
...up till the moment you realize that the interface doesn't really
differentiate between 2010 Quarterly Projections as an .exe or as a .ppt.
Double clicking on the desktop = do whatever it takes to run this, code
execution or not.
On Fri, Aug 27, 2010 at 10:36 AM, Christian Sciberras
Valdis, that last statement of yours really didn't make any sense:
(And remember what people said about the *first* release of UAC in the beta? A
*lot* of people said it sucked hard enough to make them seriously consider
moving to Linux...
Without getting into any difference between Windows
NAME: PoTTy v0.60
VENDOR: Mr. Hinky Dink
PoTTy, an Open Source, modified version of Simon Tatham's PuTTY (Windows
version, v0.60) for Bruce Leidl's Obfuscated-OpenSSH v5.2 server, has
been demonstrated vulnerable to the recent Windows DLL hijacking
On Fri, 27 Aug 2010 16:54:09 +0200, Christian Sciberras said:
Valdis, that last statement of yours really didn't make any sense:
(And remember what people said about the *first* release of UAC in the
beta? A
*lot* of people said it sucked hard enough to make them seriously consider
On Fri, Aug 27, 2010 at 5:27 PM, matt m...@attackvector.org wrote:
2) This opens the door for more widespread attacks. In the case of
PowerPoint, one could simply find a share on a network that contains a large
amount of ppt files and save his/her rogue DLL file in that directory.
Then,
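Two points in this thread lend themselves to a concrete check: Dan's "go see how many DLLs exist outside of c:\windows\system32", and matt's scenario of a rogue DLL dropped into a share full of .ppt files so that whatever viewer opens one of them resolves the library from the document's directory. The script below is an added example, not code posted by anyone in the thread. It walks a tree (a mapped share, a home directory, a download folder), inventories DLLs that live outside the directories where libraries are expected, and then reports the subset that share a directory with user documents. The expected-root prefixes, the document suffix list and the constructed sample tree are assumptions to tune per environment; the rogue DLL name is a placeholder, since a real attack would use the name of a library the viewer actually loads.

```python
"""Hunt for DLLs sitting beside user documents (added example, not from the thread)."""
import os
import tempfile
from pathlib import Path

# Document types named in the thread as hijack carriers: the file is genuine,
# the handler that opens it loads a DLL from the document's directory.
# Assumption: extend to whatever formats are common on the share being scanned.
DOCUMENT_SUFFIXES = {".ppt", ".pptx", ".vcf", ".eml", ".html", ".htm"}

# Directories where DLLs are expected to live.  Assumption: illustrative list,
# to be replaced by the real application inventory of the environment.
EXPECTED_DLL_ROOTS = (
    "c:/windows/system32",
    "c:/windows/syswow64",
    "c:/program files",
    "c:/program files (x86)",
)


def _is_expected_location(path):
    """True if `path` is under one of EXPECTED_DLL_ROOTS (case-insensitive,
    tolerant of either slash style)."""
    p = str(path).replace("\\", "/").lower()
    return any(p.startswith(root) for root in EXPECTED_DLL_ROOTS)


def dlls_outside_expected_roots(root):
    """Return {directory: [dll names]} for every DLL under `root` that is not
    in an expected location.  Run over a whole system drive this is the
    inventory Dan describes: each directory listed is an application that
    resolves at least one library from somewhere other than system32."""
    found = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        if _is_expected_location(Path(dirpath)):
            continue
        dlls = sorted(f for f in filenames if f.lower().endswith(".dll"))
        if dlls:
            found[dirpath] = dlls
    return found


def dlls_beside_documents(root):
    """Return [(dll_path, [documents])] for DLLs that share a directory with
    user documents: the planting pattern matt describes."""
    findings = []
    for dirpath, dlls in dlls_outside_expected_roots(root).items():
        docs = sorted(
            f for f in os.listdir(dirpath)
            if os.path.isfile(os.path.join(dirpath, f))
            and Path(f).suffix.lower() in DOCUMENT_SUFFIXES
        )
        if not docs:
            continue
        for dll in dlls:
            findings.append((os.path.join(dirpath, dll), docs))
    return findings


def build_sample_share():
    """Constructed sample tree (not real data): a finance folder of decks with
    a stray DLL dropped beside them, a clean HR folder, and a portable tool
    that legitimately carries its own DLL but no documents."""
    base = Path(tempfile.mkdtemp(prefix="share_"))
    decks = base / "finance" / "2010-Q3"
    decks.mkdir(parents=True)
    for name in ("projections.ppt", "board-deck.ppt", "notes.eml"):
        (decks / name).write_bytes(b"\x00sample document\x00")
    # Placeholder name for the planted library (assumption, see lead-in).
    (decks / "rogue.dll").write_bytes(b"MZ\x90\x00")
    clean = base / "hr" / "handbook"
    clean.mkdir(parents=True)
    (clean / "handbook.html").write_text("<html></html>")
    tool = base / "tools" / "portable-app"
    tool.mkdir(parents=True)
    (tool / "helper.dll").write_bytes(b"MZ\x90\x00")
    return base


if __name__ == "__main__":
    share = build_sample_share()
    print("DLLs outside expected roots:")
    for d, names in dlls_outside_expected_roots(share).items():
        print(f"  {d}: {', '.join(names)}")
    print("DLLs colocated with documents (review these first):")
    for dll, docs in dlls_beside_documents(share):
        print(f"  {dll}  (beside {len(docs)} documents, e.g. {docs[0]})")
```

Point `dlls_beside_documents` at the UNC path of a share instead of the sample tree to use it for real. The inventory function is deliberately broad: the thread's own point is that the broad list will be long, which is exactly why removing the CWD from the search order is not a painless fix; the colocated-with-documents filter is what turns it into a short list worth looking at.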
I have released an Ubuntu 10.04-based VirtualBox VM with OpenDLP 0.2.2
(http://opendlp.googlecode.com) preconfigured and nearly ready to use.
The only thing required is to copy an sc.exe binary from a Microsoft
Windows system and place it into a specific directory inside the VM.
Please consult the
Hello,
this bug looks like *((int*)0), why was it marked as a heap overflow?
Best,
James.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Oh, I'll grant you that, they *have* done a great job in the past few years,
the biggest turn-around I've seen in 3 decades in this business.
I wonder what the real product of that is, *nix or Macs. My side is
with FOSS, Linux etc. and not Macs, but I do wonder.
so like i hrd python devz like mudkipz? http://bugs.python.org/issue9702
Dan,
While I agree with most of what you're saying, I do find this to be a pretty
serious issue, and here's why.
1) The file doesn't have to be fake. It could be a legitimately real ppt,
vcf, eml, html, whatever. The program(s) load the rogue DLL file and there
doesn't seem to be any major
I will admit that I don’t have a **good** solution to this. It bothers me
that there’s no systemic solution coming for so widespread a problem.
I’ll add some more depressing news: there’s basically nothing that
anti-malware or IPS systems can do about this that they aren’t already
doing, i.e.
so like i hrd python devz like mudkipz? http://bugs.python.org/issue9702
I presume you are Dave B?
So this is a great example of why introductory programming courses in
college should teach C (or something similar) as a first language
rather than Java. Kids these days don't understand what
All publicity is good publicity - Michael Scott
On Fri, Aug 27, 2010 at 7:05 PM, Tim tim-secur...@sentinelchicken.org wrote:
so like i hrd python devz like mudkipz? http://bugs.python.org/issue9702
I presume you are Dave B?
So this is a great example of why introductory programming
You have a point. If you’re using a whitelisting system and are strict about
it then you should not be vulnerable.
This made me think of another issue: I just checked PowerPoint 2007, one of
the apps listed as vulnerable, and both the EXEs and DLLs are digitally
signed. Shouldn’t it be
cool, send my regards.
On Fri, Aug 27, 2010 at 7:57 PM, spamtester spamtester
spamtesterspamtes...@gmail.com wrote:
On 28 August 2010 04:56, Benji m...@b3nji.com wrote:
maybe it's correct, you should send a letter to it and find out.
please note: turn around time: 2 years. My relatives are still waiting
for thank you letters from when I was 9.
On Fri, Aug 27, 2010 at 7:52 PM, spamtester spamtester
spamtesterspamtes...@gmail.com wrote:
On 28 August 2010
* Dan Kaminsky:
Short version: Go see how many DLLs exist outside of c:\windows\system32.
Look, ye mighty, and despair when you realize all those apps would be broken
by CWD DLL blocking.
We've been discussing this issue a long time with regard to module
include paths in what used to be
k just dont tell my dad please :/
On Fri, Aug 27, 2010 at 7:25 PM, spamtester spamtester
spamtesterspamtes...@gmail.com wrote:
On 28 August 2010 04:14, Benji m...@b3nji.com wrote:
All publicity is good publicity - Michael Scott
YOU DUN GOOFED!
whois for b3nji.com
Registrant Contact:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Cisco Security Advisory: Cisco IOS XR Software Border Gateway
Protocol Vulnerability
Advisory ID: cisco-sa-20100827-bgp
Revision 1.0
For Public Release 2010 August 27 2200 UTC (GMT