From: Jeremiah Grossman (jeremiahwhitehatsec.com)
Date: Mon Dec 10 2001 - 12:54:35 CST
Honestly I haven't looked over the whole .NET anything
enough. There is a ton to it!
But anytime you got mobile code running on the client
end or even the server-side, you got potential problems.
It's just a matter of finding out where they are.
moksha faced wrote:
> I don't know if you've had a chance to review the new
> .NET framework from MS (looked like more smoke and
> mirrors to me), but _supposedly_ the new framework
> tries to at least _look_ like java in that native
> calls will be reviewed before they are executed. In
> reading through their spec I saw nothing in there that
> _explicitly_ addressed the mobile code problems with
> ActiveX use. They do still intend to use the stack,
> and group things together in "assemblies" and have the
> code verified via 'stack walk', etc... but it will
> still end up being machine level code.
> I'm a java junky and haven't played with it first
> hand, but this may be some good news coming from MS
> about addressing their inherent flaws. It's about
> time imho.
> --- Jeremiah Grossman <jeremiahwhitehatsec.com>
> > Yah, can be quite devastating. Get a user to read a script, load in activeX,
> > sploit activeX and you own the box. Quite concerning indeed. That's it, never using
> > webmail again :)
> > "Ogle Ron (Rennes)" wrote:
> > > What a great concept, engineered hijacking. Create an ActiveX control that
> > > is very very useful but has a designed-in flaw that creates a buffer
> > > overflow that will do exactly what you say in "A" below. The ActiveX
> > > program isn't a virus or a Trojan horse because the program doesn't actually
> > > violate your system. The control just provides a good door for another
> > > intruder. (Couldn't we say the same for Windows in general?)
> > >
> > > My .02
> > > Ron Ogle
> > > Rennes, France
> > >
> > > > -----Original Message-----
> > > > From: Andrew van der Stock [mailto:ajve-secure.com.au]
> > > > Sent: Monday, December 10, 2001 6:20 AM
> > > > To: 'Jeremiah Grossman'
> > > > Cc: webappsecsecurityfocus.com
> > > > Subject: RE: (OWASP)FW: Session Hijacking Thoughts
> > > ......
> > > >
> > > > Another method to control an end browser might be:
> > > >
> > > > A) find an ActiveX control with a buffer overflow that is non-fatal to
> > > > the browser session but does provide enough space to ...
> > > > B) download a new ActiveX control to the box
> > > > C) inspire the user to visit a frame or two that you control
> > > > to activate the ActiveX control, or change their Home page to a new home page
> > > > redirector that you control that activates the ActiveX
> > > > control and then off to the original.
> > > >
> > --
> > Jeremiah Grossman (jeremiahwhitehatsec.com)
> > WhiteHat Security (www.whitehatsec.com)
> > gpg --keyserver wwwkeys.us.pgp.net --recv-keys 4E43B472
> > Key fingerprint = 68 1D F0 A9 3C C3 66 34 ED 08 01 10 0F 69 C7 A2 4E 43 B4 72
--
Jeremiah Grossman (jeremiahwhitehatsec.com)
WhiteHat Security (www.whitehatsec.com)
gpg --keyserver wwwkeys.us.pgp.net --recv-keys 4E43B472
Key fingerprint = 68 1D F0 A9 3C C3 66 34 ED 08 01 10 0F 69 C7 A2 4E 43 B4 72