> Isn't *any* mechanism for code execution going to be effective with the use
> of social engineering? I mean, isn't that what we've known for years, that
> the weakest component of any security system is the users?
Yes, we know. Don't get us wrong. We're not telling Social Engineering.
We're tel
> DLL Hijacking is highly effective in combination with use of Social
> Engineering Toolkit.
Isn't *any* mechanism for code execution going to be effective with the use
of social engineering? I mean, isn't that what we've known for years, that
the weakest component of any security system is the user
Christian Sciberras wrote:
> I can't take THAT seriously. At least not all of it.
>
> The part that interested me most:
>
>> 4. Should I find such vulnerability in many applications as I can?
>>
>> You should not. It's just a waste of time and your energy. Focus on most
>> popular application
> If, say, DWM.dll is exploitable, why not point *that* out rather than
> point out the many applications that are using it (wrongly)?
>
As I might have said in an earlier mail, I have to do this so that
vulnerability news sites such as Secunia, SecuriTeam authors can get
enough information for each
Hi Christian,
My use of "Clean" doesn't mean (I'm not accusing) that your
Windows is infected.
It's better to test DLL Hijacking on a clean copy of Windows without any
prior application mess-up.
Please take a look at
http://core.yehg.net/lab/pr0js/texts/when_testing_for_dll_hijacking.txt
We th
I can't take THAT seriously. At least not all of it.
The part that interested me most:
> 4. Should I find such vulnerability in many applications as I can?
>
> You should not. It's just a waste of time and your energy. Focus on most
> popular application types/classes.
If, say, DWM.dll is exp
* replace my later "possible" with "dll" (to hell with distractions!)
Cheers,
Chris.
On Thu, Sep 9, 2010 at 12:52 PM, Christian Sciberras wrote:
>> Btw, you can simply turn our Internet-based test into an intranet or local
>> test by copying the files to your local share or a folder on you
> Btw, you can simply turn our Internet-based test into an intranet or local
> test by copying the files to your local share or a folder on your computer
> and double-clicking the .wab file from there. The usual caution with running
> code from unknown sources applies, of course.
I did bett
Hi Chris,
> Considering Acros highlighted how their POC was highly
> unstable (they've frequently advised to try the program
> several times to get it to work) I don't see such abnormal
> behaviour out of this world.
Indeed, we're seeing problems with accessing (any) remote WebDAV shares from
> > I've tested on Clean Licensed Windows 7 Professional Edition 64-bit
> > with latest windows updates applied (as of Today -sept 09 2010).
> Could a virus/trojan from my XP machine have caused some form
> of immunity against this issue?
> And perhaps my extensive meddling and customizati
> I've tested on Clean Licensed Windows 7 Professional Edition 64-bit
> with latest windows updates applied (as of Today -sept 09 2010).
Could a virus/trojan from my XP machine have caused some form
of immunity against this issue?
And perhaps my extensive meddling and customization somehow
I must say I can't take your word according to my testing.
I've tested on Clean Licensed Windows 7 Professional Edition 64-bit
with latest windows updates applied (as of Today -sept 09 2010). I
used Acros Security's 64 bit demo.
Should I make a movie to prove that, like:
1- Updating Windows (check for
That is what others said, yet it installed automatically on mine.
The only interaction was that I allowed it to be downloaded and
installed, not really geeky at all...
I must say you'll have to take my word on it.
On Thu, Sep 9, 2010 at 1:36 AM, wrote:
> Christian Sciberras wrote:
>
Christian Sciberras wrote:
>>> MS issued a patch quite some time ago.
> http://support.microsoft.com/kb/2264107
That is not a "patch", and it is not installed by default: it is only for
uber-geeks who manually install it. It was issued a week ago, in
response to this kerfuffle, not "quite some time ago".
Which
http://support.microsoft.com/kb/2264107
That is installed both in my win7 64bit workstation system and the
32bit XP Pro (virtualized) system.
For the matter, that POC never worked on my PC, at least their initial
implementation was always flawed.
(speaking of which, did they really have to fail it
Christian Sciberras wrote:
> MS issued a patch quite some time ago.
Would you be able to give a reference to that patch, and comment on
its relationship to the recent
Microsoft Security Advisory (2269637)
Insecure Library Loading Could Allow Remote Code Execution
http://www.microsoft.com/
> Do you mean that the practical solution would be for MS to set
> sensible defaults? It took them many years for SafeDllSearchMode,
> expect just as many for CWDIllegalInDllSearch.
Did you read my email about real-world testing of this issue?
MS issued a patch quite some time ago.
This "vulnerabi
Christian Sciberras wrote:
> ... the approach to fixing it is not practical ...
> ... it is [the fault of] the underlying dll loading mechanism.
Do you mean that the practical solution would be for MS to set
sensible defaults? It took them many years for SafeDllSearchMode,
expect just as many fo
osure-boun...@lists.grok.org.uk
[mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Christian
Sciberras
Sent: Wednesday, September 08, 2010 1:07 PM
To: YGN Ethical Hacker Group
Cc: full-disclosure@lists.grok.org.uk; bugt...@securityfocus.com
Subject: Re: [Full-disclosure] KeePass version 2.12 &
With the recent MS update/patch and my POC failure (to exploit the
vuln), it is clear that this type of "vulnerability" is impractical.
In the (few) cases where it *might* work, the approach to fixing it is
not practical; that is, there are hundreds if not thousands, of
vulnerable applications.
Jus
A vulnerability is a vulnerability.
A SQL Injection is a type of Vulnerability.
For each type of Vulnerability, there will be thousands of web
applications that might be vulnerable to it.
DLL Hijacking is the same.
We do each post rather than a list so that security vulnerability news
sites can get req
Be patient.
It won't last for too long.
Even if you're tired of it, those who've been using it for creating
botnets love to see it.
On Tue, Sep 7, 2010 at 2:28 PM, Christian Sciberras wrote:
> I'm getting a bit tired of throwing away these "security advisories".
>
> Really, someone should insta
I'm getting a bit tired of throwing away these "security advisories".
Really, someone should install a whole load of popular applications, ensure
any of them load their own files, and finally, thanks to a mass dependency
check, ensure DWM is being loaded at runtime.
At least, it would be just one
excuse me, kdbx. same difference
On Tue, Sep 7, 2010 at 2:23 AM, Dan Kaminsky wrote:
> So, what's the security model around .ygwx files?
>
>
> On Tue, Sep 7, 2010 at 1:57 AM, YGN Ethical Hacker Group
> wrote:
>
>> The fixed version KeePass 2.13 has been released.
>>
>> http://keepass.info/new
So, what's the security model around .ygwx files?
On Tue, Sep 7, 2010 at 1:57 AM, YGN Ethical Hacker Group wrote:
> The fixed version KeePass 2.13 has been released.
>
> http://keepass.info/news/n100906_2.13.html
>
> But it fails to describe "DLL Hijacking was fixed".
>
> _
The fixed version KeePass 2.13 has been released.
http://keepass.info/news/n100906_2.13.html
But it fails to describe "DLL Hijacking was fixed".
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hoste
1. OVERVIEW
The KeePass application is vulnerable to an Insecure DLL Hijacking
vulnerability. Other terms that have been used to describe this
vulnerability include Remote Binary Planting and Insecure DLL
Loading/Injection/Hijacking/Preloading.
2. PRODUCT DESCRIPTION
KeePass Password Safe is a fre