[33718] in bugtraq


Re: Round One: "DLL Proxy" Attack Easily Hijacks SSL from

daemon@ATHENA.MIT.EDU (carlo@cs.dartmouth.edu)
Sat Feb 14 09:47:44 2004

Date: 13 Feb 2004 16:10:46 -0000
Message-ID: <20040213161046.8384.qmail@www.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: <carlo@cs.dartmouth.edu>
To: bugtraq@securityfocus.com

In-Reply-To: <DHELIJMHOLKLHKFHGGGLIEDHCAAA.disclosure@ossecurity.ca>

It's nice to see this getting some attention.  We've been working on some exploits in this area for the last year, and actually have been able to use and/or steal a user's private key from the CSP that IE uses.

We used DLL injection for our attacks; we didn't know about DLL proxies.

We put out a Technical Report about this in February of last year, and our paper appeared at the "2nd Annual PKI Research Workshop" at NIST in April 2003.  The latest version can be found here:

http://www.cs.dartmouth.edu/~carlo/research/tr2004-489.pdf

It's a fun read.

John
