Re: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer

carlo_at_cs.dartmouth.edu
Date: 02/13/04

    Date: 13 Feb 2004 16:10:46 -0000
    To: bugtraq@securityfocus.com
    
    
    In-Reply-To: <DHELIJMHOLKLHKFHGGGLIEDHCAAA.disclosure@ossecurity.ca>

    It's nice to see this getting some attention. We've been working on some exploits in this area for the last year, and actually have been able to use and/or steal a user's private key from the CSP that IE uses.

    We used DLL injection for our attacks; we didn't know about dll proxies.

    We put out a Technical Report about this in February of last year, and our paper appeared at the "2nd Annual PKI Research Workshop" at NIST in April 2003. The latest version can be found here:

    http://www.cs.dartmouth.edu/~carlo/research/tr2004-489.pdf

    It's a fun read.

    John

