Re: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer

From: der Mouse (mouse_at_Rodents.Montreal.QC.CA)
Date: 02/11/04

  • Next message: Drew Copley: "RE: Another Low Blow From Microsoft: MBSA Failure!" 
    Date: Tue, 10 Feb 2004 23:56:29 -0500 (EST)
To: "John D. Hardin" <jhardin@impsec.org>, Darren Reed <avalon@caligula.anu.edu.au>, bugtraq@securityfocus.com

    >> Depends. Does it include the tools necessary to sign my own code?

    >> If so, what's to stop a malware creator from using those same tools
    >> to sign the attack vector?

    > How does the malware author get the private half of a public key you
    > trust for software installations?

    The same way you do, of course. Most likely it pops up a box asking
    for it. Given how boneheaded most users seem to be, and given that
    signatures will be needed on most software installs, this will be a
    common sight to many users, and they will probably cheerfully type in
    whatever is necessary to fetch/decrypt it. Look at how effective
    phishing attacks are.

    No, that wouldn't work against me (or, I would hope, you). But I
    wouldn't be running such a thing anyway, and even if I were-- having to
    type a passphrase every time I recompiled something would be
    intolerable, and if it were automated, malware could automate the
    signing just as well as my compiler front-end could.

    /~\ The ASCII der Mouse
    \ / Ribbon Campaign
     X Against HTML mouse@rodents.montreal.qc.ca
    / \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B

  • Next message: Drew Copley: "RE: Another Low Blow From Microsoft: MBSA Failure!"
    • Quantcast