Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Re: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer
From: <carlo () cs dartmouth edu>
Date: 13 Feb 2004 16:10:46 -0000
In-Reply-To: <DHELIJMHOLKLHKFHGGGLIEDHCAAA.disclosure () ossecurity ca>

It's nice to see this getting some attention.  We've been working on some exploits in this area for the last year, and 
actually have been able to use and/or steal a user's private key from the CSP that IE uses.

We used DLL injection for our attacks; we didn't know about dll proxies.

We put out a Technical Report about this in February of last year, and our paper appeared at the "2nd Annual PKI 
Research Workshop" at NIST in April 2003.  The latest version can be found here:

http://www.cs.dartmouth.edu/~carlo/research/tr2004-489.pdf

It's a fun read.

John

  By Date           By Thread  

Current thread:
  • Re: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer carlo (Feb 13)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]