Good points, Valdis, but I think we know how to do this right: an
invalid/untrusted/unmatching certificate is not a cause for user-waivable
warning but
for a fatal you-shall-not-pass error. By allowing users to even go past the
warning
we're nurturing the automation of okaying such warning as
Valdis,
No, that's how to do it *hardline*. There's many in the
security industry that will explain to you that it's also
doing it *wrong*. Hint - the first time that HR sends out a
posting about a 3-day window next week to change your
insurance plan without penalty, signs it with
Hi Jeff,
I don't believe a PE/PE+ executable needs a DLL extension to
be loaded by LoadLibrary and friends.
True, any file can be loaded this way, but our pretty extensive experimenting
showed
extremely few cases where legitimate applications (in this case mostly
installers)
loaded
Hi Paul,
These two changes have been introduced earlier (sometime between April and
August).
We haven't noticed any mention of them in Microsoft's public documents.
Cheers,
Mitja
-Original Message-
From: paul.sz...@sydney.edu.au [mailto:paul.sz...@sydney.edu.au]
Sent: Friday,
Hi Mikhail,
Innovating hacks beyond and above black
hats does not really help people being more secure.
Whether the first part of this statement was meant as a compliment or not, I
would
give black hats much more credit than that. Whatever we're able to find with our
small-scale effort,
as substantive to
your agenda, how about provide some details?
t
-Original Message-
From: ACROS Security Lists [mailto:li...@acros.si]
Sent: Thursday, September 15, 2011 1:41 PM
To: 'Christian Sciberras'
Cc: Thor (Hammer of God); full-disclosure@lists.grok.org.uk;
bugt
agenda, how about provide some details?
t
-Original Message-
From: ACROS Security Lists [mailto:li...@acros.si]
Sent: Thursday, September 15, 2011 1:41 PM
To: 'Christian Sciberras'
Cc: Thor (Hammer of God); full-disclosure
=[BEGIN-ACROS-REPORT]=
PUBLIC
=
ACROS Security Problem Report #2011-08-18-2
-
ASPR #2011-08-18-2: Remote Binary Planting in Mozilla Thunderbird
=[BEGIN-ACROS-REPORT]=
PUBLIC
=
ACROS Security Problem Report #2011-08-18-1
-
ASPR #2011-08-18-1: Remote Binary Planting in Mozilla Firefox
Security Lists
li...@acros.si wrote:
We published a remote/local proof of concept for the COM
Server-Based
Binary Planting exploit presented at the Hack in the Box
conference in Amsterdam.
Feel free to try it out online if WebDAV works through your
firewall,
or download
The latest security updates from Microsoft fix binary planting issues (loading
of
dwmapi.dll) in the following applications (and probably many more):
1. Autodesk 3ds Max 2010 Release 12.0
2. Autodesk 3ds Max 2011 Release 13.0
3. Avast! Free Antivirus 5.0.545
4. Avira Premium Security Suite
=[BEGIN-ACROS-REPORT]=
PUBLIC
=
ACROS Security Problem Report #2011-02-11-2
-
ASPR #2011-02-11-2: Remote Binary Planting in Adobe Flash Player
=[BEGIN-ACROS-REPORT]=
PUBLIC
=
ACROS Security Problem Report #2011-02-11-1
-
ASPR #2011-02-11-1: Remote Binary Planting in Adobe Reader
=[BEGIN-ACROS-REPORT]=
PUBLIC
===
ACROS Security Problem Report #2011-01-11-1
-
ASPR #2011-01-11-1: Remote Binary Planting in Multiple F-Secure
After our Online Binary Planting Exposure Test became defunct as a result of
Microsoft fixing the Windows Address Book binary planting bug, we updated the
test
with two unfixed vulnerabilities. Everyone is welcome to keep testing their
Windows
computers for Internet-based binary planting
=[BEGIN-ACROS-REPORT]=
PUBLIC
=
ACROS Security Problem Report #2010-12-14-1
-
ASPR #2010-12-14-1: Remote Binary Planting in Windows Address Book
Roughly 100 days after the Binary Planting (a.k.a. DLL hijacking, DLL
preloading,
Insecure Library Loading) vulnerability has been (re)discovered in hundreds of
Windows applications (and likely undiscovered in thousands more), we've taken a
unique opportunity to compare software vendors' fixing
=[BEGIN-ACROS-REPORT]=
PUBLIC
=
ACROS Security Problem Report #2010-11-10-3
-
ASPR #2010-11-10-3: Remote Binary Planting in Microsoft Excel 2010
=[BEGIN-ACROS-REPORT]=
PUBLIC
=
ACROS Security Problem Report #2010-11-10-2
-
ASPR #2010-11-10-2: Remote Binary Planting in Microsoft Word 2010
=[BEGIN-ACROS-REPORT]=
PUBLIC
=
ACROS Security Problem Report #2010-11-10-1
-
ASPR #2010-11-10-1: Remote Binary Planting in Microsoft PowerPoint
Microsoft patched three binary planting bugs in Office 2010 yesterday:
PowerPoint: http://www.acrossecurity.com/aspr/ASPR-2010-11-10-1-PUB.txt
Word: http://www.acrossecurity.com/aspr/ASPR-2010-11-10-2-PUB.txt
Excel: http://www.acrossecurity.com/aspr/ASPR-2010-11-10-3-PUB.txt
We're making some
An old unfixed Windows functional bug was just upgraded to a security bug. Our
researchers have discovered that Windows' inability to consistently expand
environment variables in user and system PATH breaks the binary planting
protection
provided by the SetDllDirectory function. The article
Hi Thor,
Thanks to Microsoft's defense in depth, double-clicking an .exe from a remote
share
pops up a security warning. In contrast, double-clicking a data file that opens
a
vulnerable application (which downloads and executes a .dll from the same share)
doesn't trigger such security warning.
Microsoft Visual Studio makes it possible to develop a binary planting-positive
(i.e., vulnerable) application without you having to write a single line of
code.
Every MFC application seems to be automatically made vulnerable, with those
statically linking MFC libraries actually having the
ACROS Security is presenting an analysis of many different delivery methods for
binary planting attacks, providing a hopefully more comprehensive view on the
feasibility of such attacks. We looked at some of the most popular web
browsers, most
popular e-mail clients and most popular document
25 matches
Mail list logo