Re: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer
From: <carlo@xxxxxxxxxxxxxxxx>
Date: 13 Feb 2004 16:10:46 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

In-Reply-To: <DHELIJMHOLKLHKFHGGGLIEDHCAAA.disclosure@xxxxxxxxxxxxx>

It's nice to see this getting some attention.  We've been working on some 
exploits in this area for the last year, and actually have been able to use 
and/or steal a user's private key from the CSP that IE uses.

We used DLL injection for our attacks; we didn't know about dll proxies.

We put out a Technical Report about this in February of last year, and our 
paper appeared at the "2nd Annual PKI Research Workshop" at NIST in April 2003. 
 The latest version can be found here:

http://www.cs.dartmouth.edu/~carlo/research/tr2004-489.pdf

It's a fun read.

John

Prev by Date: [FLSA-2004:1232] Updated slocate resolves security vulnerabilites
Next by Date: RE: [Full-Disclosure] Re: W2K source "leaked"?
Previous by thread: [FLSA-2004:1232] Updated slocate resolves security vulnerabilites
Next by thread: TSLSA-2004-0006 - mutt
Index(es):
- Date
- Thread