Bugtraq mailing list archives
Re: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer
From: Seth Arnold <sarnold () wirex com>
Date: Mon, 9 Feb 2004 11:20:29 -0800
On Mon, Feb 09, 2004 at 01:24:04PM -0500, Disclosure From OSSI wrote:
But this mechanism can only protect a limited segment of WINDOWS users against this DLL proxy attack. For example, XP Home Edition (SP1) is installed by default with administrator privileges for accounts and therefore ACL for program folders are wide open to be modified. Many Windows platforms use an un-secured file system such as FAT or FAT32 without ACL protection.
By definition, anyone running any such system has explicitely decided to trust all the users of the machine to act in accordance with common shared goals. You're confusing security mechanism with security policy; if someone's security policy allows everyone to have administrator status, then this is NOT a security problem, as you claim. This is legitimate use of legitimate privileges. -- Immunix Secured Linux Distribution: http://immunix.org/
Attachment:
_bin
Description:
Current thread:
- Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer Disclosure From OSSI (Feb 09)
- Re: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer Seth Arnold (Feb 09)
- RE: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer David Schwartz (Feb 09)
- Re: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer Darren Reed (Feb 10)
- Re: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer der Mouse (Feb 10)
- Re: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer John D. Hardin (Feb 11)
- Re: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer der Mouse (Feb 11)
- Re: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer Darren Reed (Feb 12)
- Re: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer der Mouse (Feb 12)
- Re: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer Darren Reed (Feb 12)
- Re: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer der Mouse (Feb 12)
- Re: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer Darren Reed (Feb 10)
- Re: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer Glynn Clements (Feb 12)