RE: [Full-disclosure] Microsoft's Binary Planting Clean-Up Mission

From: ACROS Security Lists <lists@acros.si>
To: 'adam' <adam@papsy.net>
Cc: full-disclosure@lists.grok.org.uk,bugtraq@securityfocus.com
Subject: RE: [Full-disclosure] Microsoft's Binary Planting Clean-Up Mission
Date:


Hi Adam, 

I'm afraid you don't fully understand the issue. This is not about placing your own
DLL on a local machine so that a chosen application will load it (i.e., user
"attacking" an application on his own computer). It is about an application running
on your computer silently grabbing a malicious DLL from attacker-controlled location
- possibly on a remote share - and executing its code (i.e., attacker with zero
privileges on user's computer executing code on that computer).

I hope this helps a little.

Cheers,
Mitja


> -----Original Message-----
> From: iarethebest@gmail.com [mailto:iarethebest@gmail.com] On 
> Behalf Of adam
> Sent: Thursday, September 15, 2011 11:26 PM
> To: Thor (Hammer of God)
> Cc: security@acrossecurity.com; Christian Sciberras; 
> full-disclosure@lists.grok.org.uk; bugtraq@securityfocus.com
> Subject: Re: [Full-disclosure] Microsoft's Binary Planting 
> Clean-Up Mission
> 
> Plus: pretending that you're on the same page as Microsoft 
> (from a security standpoint) to further your own argument is 
> more damaging than it is beneficial. The entire "binary 
> planting" concept was flawed from the very beginning. If you 
> can drop a binary file on a user's machine - make it an 
> executable and be done with it. There's nothing fancy or 
> innovative about forcing applications to use specific DLLs - 
> script kiddies have been doing it for over 10 years to inject 
> custom code in multiplayer games. 
> 
> On Thu, Sep 15, 2011 at 3:59 PM, Thor (Hammer of God) 
> <thor@hammerofgod.com> wrote:
> 
> 
>       I'm curious.  Who is your contact at MSFT?  Who is it 
> that has told you they have a "Binary Planting Clean-up 
> Mission" and where do they mention you as having anything to 
> do with it?
>    
>     If you are going to claim MSFT's actions as substantive 
> to your agenda, how about provide some details?
>     
>     t
>    
>     > -----Original Message-----
>    > From: ACROS Security Lists [mailto:lists@acros.si]
>    > Sent: Thursday, September 15, 2011 1:41 PM
>    > To: 'Christian Sciberras'
>   > Cc: Thor (Hammer of God); full-disclosure@lists.grok.org.uk;
>  > bugtraq@securityfocus.com
>     
>     > Subject: RE: [Full-disclosure] Microsoft's Binary 
> Planting Clean-Up Mission
>  >
>       
>     > Hey Chris,
>    >
>       > > I bet Microsoft actually like stating they just 
> fixed yet another
>  > > severe bug.
>    > > Zero-day fixing is big business, you know....even if "zero"
>  > > is past a few "days".
>        >
>       > I don't think Microsoft gains much from being able to 
> say they fixed yet
>     > another bug
>   > - maybe if it were a bug they found internally and 
> fixed proactively, but not
>     > like this. And I'm sure they'd rather be doing 
> something else than fixing:
>      > fixing a product costs a lot, and it generates no revenue.
>    >
>       > Cheers,
>       > Mitja
>         
>     _______________________________________________
>      Full-Disclosure - We believe in it.
>  Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>       Hosted and sponsored by Secunia - http://secunia.com/
>        
> 
> 
> 





Copyright © 1995-2020 LinuxRocket.net. All rights reserved.