|
Bugtraq
mailing list archives
Re: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer
From: Darren Reed <avalon () caligula anu edu au>
Date: Tue, 10 Feb 2004 14:51:29 +1100 (Australia/ACT)
In some mail from David Schwartz, sie said:
This is a total non-issue. Almost every attack vector that could place a
malicious DLL in the same directory as IE could replace IE itself or snap
screen captures. SSL is not intended to protect against attacks on either
endpoint.
This is like complaining that your safe doesn't keep people from
breaking
your windows. Of course Microsoft has no intended fix, nothing is broken.
[...]
Oh rubbish.
Signed applications and signed DLLs and signed drivers.
Well all of those aren't there yet (only drivers for Windows),
but it's coming to a Unix near you SOONER rather than later.
Or is that the kind of thing you disable upon installation
because it gets in the way of you being able to install whatever
"you" want ?
Darren
 By Date 
By Thread
Current thread:
| 
Intro
