August 2021 Archives

Mon Aug 23 12:49:11 EEST 2021

DLL hijacking: 21 years old and still alive

Trustworthy defense in depth: DLL hijacking

Wikipedia on DLL hijacking

Due to a vulnerability commonly known as DLL hijacking, DLL spoofing, DLL preloading or binary planting, many programs will load and execute a malicious DLL contained in the same folder as a data file opened by these programs.[11][12][13][14] The vulnerability was discovered by Georgi Guninski in 2000.[15] In August 2010 it gained worldwide publicity after ACROS Security rediscovered it again and many hundreds of programs were found vulnerable.[16] Programs that are run from unsafe locations, i.e. user-writable folders like the Downloads or the Temp directory, are almost always susceptible to this vulnerability.

Our original advisory is from Mon, 18 Sep 2000

The DLL hijacking vulnerability is CVE-2000-0854.

It has been known since 2000-09-19 that third-party programs are vulnerable too, e.g. Bugtraq: Exploit using Eudora and the Guninski hole.

The Nimda worm was released on the same day and used the vulnerabilities in the advisory.

Searching the web returns many results from 2020 onwards and a site, Latest DLL Hijack news.

In other news from 2020: Almost 300 Windows 10 executables vulnerable to DLL hijacking.

It appears to us that the vulnerability is so hard to fix that it will live forever.
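The two cases in the Wikipedia description above (a DLL sitting beside an opened data file, and a program run from a user-writable folder) can be checked with a small model of the Windows search order for DLLs requested by bare name. This is an added example, not code from the original advisory or post; all paths, the DLL names `shared.dll` and `plugin.dll` and the function names are constructed, and KnownDLLs, already-loaded modules and PATH are left out of the model.

```python
from pathlib import PureWindowsPath as P

# Constructed sample environment (all names and paths are assumptions).
SYSTEM_DIRS = [P(r"C:\Windows\System32"), P(r"C:\Windows\System"), P(r"C:\Windows")]
USER_WRITABLE = [P(r"C:\Users\alice\Downloads"), P(r"C:\Users\alice\AppData\Local\Temp")]
APP = r"C:\Program Files\Viewer"          # hypothetical installed program
DOWNLOADS = r"C:\Users\alice\Downloads"   # folder holding the opened data file
FILES = [
    r"C:\Windows\System32\shared.dll",
    r"C:\Users\alice\Downloads\shared.dll",   # same name as a system DLL
    r"C:\Users\alice\Downloads\plugin.dll",   # name that exists nowhere else
]

def search_order(app_dir, cwd, safe_search=True):
    """Directories tried for a DLL requested by bare name.
    Simplified: KnownDLLs, already-loaded modules and PATH are not modelled."""
    app_dir, cwd = P(app_dir), P(cwd)
    if safe_search:                        # SafeDllSearchMode enabled
        return [app_dir, *SYSTEM_DIRS, cwd]
    return [app_dir, cwd, *SYSTEM_DIRS]    # legacy: current dir before system dirs

def resolve(dll, app_dir, cwd, files, safe_search=True):
    """First existing candidate in search order, or None if the name is not found."""
    present = {P(f) for f in files}        # PureWindowsPath compares case-insensitively
    for directory in search_order(app_dir, cwd, safe_search):
        if directory / dll in present:
            return directory / dll
    return None

def loads_from_writable(dll, app_dir, cwd, files, safe_search=True):
    """True when the name resolves inside a folder an unprivileged user can write to."""
    hit = resolve(dll, app_dir, cwd, files, safe_search)
    return hit is not None and any(w in hit.parents for w in USER_WRITABLE)

if __name__ == "__main__":
    cases = [("shared.dll", APP, DOWNLOADS, False), ("shared.dll", APP, DOWNLOADS, True),
             ("plugin.dll", APP, DOWNLOADS, True), ("shared.dll", DOWNLOADS, r"C:\Work", True)]
    for dll, app, cwd, safe in cases:
        print(f"{dll:11} app={app:28} safe={safe!s:5} ->",
              resolve(dll, app, cwd, FILES, safe),
              "FLAG" if loads_from_writable(dll, app, cwd, FILES, safe) else "ok")
```

In this model the safe search mode only protects names that also exist in a system directory, and nothing protects a program whose own directory is user-writable. A DLL loaded by absolute path never goes through the search at all.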

Posted by LD_PRELOAD | Permanent link

Tue Aug 17 14:35:14 EEST 2021

Opinion: Governments don't want IT security, they want to have cyber weapons

Support for the above claim:

It provides both the exploits and RCS to government intelligence and law enforcement agencies around the world, and has come under attack for selling to repressive regimes, who've used them to target political activists and dissidents. But more interesting than the fact that the company possessed zero days---this was already known---is the correspondence around how Hacking Team acquired these valuable tools, prized equally by criminal hackers and government intelligence agencies.

If governments wanted security, they would report the bugs to the vendors.

As in traditional warfare, cyber warfare requires weapons. It is very hard to construct a physical nuclear bomb, but constructing a cyber nuclear bomb requires just skills and zero budget. Some drunk skilled kid may do a lot of damage in the real world.

Who watches the watchers?

Posted by joro | Permanent link