Safari, Windows and bad design practices
An interesting read on how a company that develops a browser can make decisions that are at once a bad practice and a security hole: Proof of Concept “carpet bombing” exploit released in the wild, and how this can be used to create imaginative attacks.
Nitesh Dhanjani discovered that Safari for Windows puts downloads automatically to Desktop and argued this can potentially make a mess of Desktop, naming it the effect of “Safari Carpet Bomb”. Later Microsoft issued an advisory stating “remote code execution on all supported versions of Windows XP and Windows Vista” and “Aviv Raff for working with us and reporting the blended threat of Safari and Microsoft Internet Explorer”. Aviv Raff posted on his blog “Safari pwns Internet Explorer”, clarifying “this combined attack also exploits an old vulnerability in Internet Explorer that I’ve already reported to them a long long time ago”.
The old vulnerability that Aviv Raff reported to Microsoft a long time ago is described in two articles by Aviv Raff: IE7 DLL-load hijacking Code Execution Exploit PoC, and Internet Explorer 7 — Still Spyware Writers Heaven, both dating back to 2006 (yeah that’s really “a long long time ago”). This vulnerability lies in Windows Internet Explorer loading program library files (DLL) from user’s Desktop instead of its own library file folder (usually C:\WINDOWS\SYSTEM32), when filenames are set to some specific values.
Liu’s posts also mention a new security threat in Safari for Windows, different than the “blended threat” described by Microsoft, and summarize the whole fiasco about who’s responsible for what in short:
Safari for Windows puts downloads to Desktop by default without a dialog box (such as the “File Download” dialog box in IE). Well, this is in fact a quite reasonable and convenient feature — downloading and saving requested file to user’s Desktop by default. This feature itself does not constitute a mistake. What really makes the “blended threat” is some problem in loading program library files (DLL) by Windows Internet Explorer (and probably others).
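A defender-side check for the condition described above, library files sitting in a folder where downloads land without a prompt. This is an added example, not code from the quoted posts; the function names and the sample files are constructed for illustration, and the temporary directory stands in for the user's Desktop.

```python
import struct
import tempfile
from pathlib import Path

IMAGE_FILE_DLL = 0x2000  # Characteristics flag in the COFF file header


def is_pe_dll(data: bytes) -> bool:
    """True if data starts with a PE image whose COFF header marks it as a DLL."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew field
    if pe_off + 24 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        return False
    (characteristics,) = struct.unpack_from("<H", data, pe_off + 22)
    return bool(characteristics & IMAGE_FILE_DLL)


def find_dlls(folder: Path) -> list:
    """Names of files directly in folder that are DLLs by extension or by header."""
    hits = []
    for entry in sorted(folder.iterdir()):
        if not entry.is_file():
            continue
        with entry.open("rb") as fh:
            head = fh.read(4096)
        if entry.suffix.lower() == ".dll" or is_pe_dll(head):
            hits.append(entry.name)
    return hits


def make_pe(characteristics: int) -> bytes:
    """Constructed header-only stub (not a loadable image) used as sample input."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0, characteristics)
    return dos + b"PE\0\0" + coff


def demo() -> list:
    with tempfile.TemporaryDirectory() as tmp:
        desktop = Path(tmp)  # assumption: stand-in for the real Desktop path
        (desktop / "notes.txt").write_bytes(b"hello")
        (desktop / "setup.exe").write_bytes(make_pe(0x0102))    # executable, not a DLL
        (desktop / "example.dll").write_bytes(make_pe(0x2102))  # DLL by name and header
        (desktop / "photo.jpg").write_bytes(make_pe(0x2102))    # DLL header, other extension
        return find_dlls(desktop)


if __name__ == "__main__":
    print(demo())
```

Pointing `find_dlls` at the real Desktop or default download folder gives a quick audit; any hit there deserves a look, since library files have no ordinary reason to be in that location.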

