|
|
BugTraq
Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer Feb 09 2004 06:24PM Disclosure From OSSI (disclosure ossecurity ca) (4 replies) RE: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer Feb 09 2004 10:42PM Oliver Lavery (olavery pivx com) RE: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer Feb 09 2004 10:01PM David Schwartz (davids webmaster com) (1 replies) RE: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer Feb 09 2004 07:31PM Ward Taylor (rfdhomer windyplains com) (2 replies) Re: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer Feb 10 2004 04:40PM Nexus (nexus patrol i-way co uk) Re: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer Feb 10 2004 10:31AM Peter Pentchev (roam ringlet net) Re: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer Feb 09 2004 07:20PM Seth Arnold (sarnold wirex com) |
|
Privacy Statement |
>
>
> This is a total non-issue. Almost every attack vector that could place a
> malicious DLL in the same directory as IE could replace IE itself or snap
> screen captures. SSL is not intended to protect against attacks on either
> endpoint.
>
> This is like complaining that your safe doesn't keep people from
> breaking
> your windows. Of course Microsoft has no intended fix, nothing is broken.
[...]
Oh rubbish.
Signed applications and signed DLLs and signed drivers.
Well all of those aren't there yet (only drivers for Windows),
but it's coming to a Unix near you SOONER rather than later.
Or is that the kind of thing you disable upon installation
because it gets in the way of you being able to install whatever
"you" want ?
Darren
[ reply ]