[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer
- To: Darren Reed <avalon@caligula.anu.edu.au>, bugtraq@securityfocus.com
- Subject: Re: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer
- From: der Mouse <mouse@Rodents.Montreal.QC.CA>
- Date: Tue, 10 Feb 2004 16:10:55 -0500 (EST)
> Signed applications and signed DLLs and signed drivers [...] coming
> to a Unix near you SOONER rather than later.
> Or is that the kind of thing you disable upon installation because it
> gets in the way of you being able to install whatever "you" want ?
Depends. Does it include the tools necessary to sign my own code?
If not, yes, I will disable it, to the point of running a different OS
if necessary.
If so, what's to stop a malware creator from using those same tools to
sign the attack vector?
/~\ The ASCII der Mouse
\ / Ribbon Campaign
X Against HTML mouse@rodents.montreal.qc.ca
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B