My parents just got a new computer



So welcome to the madness of .dll hijacking...
The current 2010 madness started with ACROS Security, when they announced a "binary planting" vulnerability in Apple iTunes for Windows on 8/18/2010.
HD Moore from Rapid7 said on Twitter "The cat is out of the bag, this issue affects about 40 different apps, including the Windows shell", linking to the ACROS advisory. The ACROS advisory hinted that it was more than just iTunes. HD promised that he would announce more information the following Monday.
This was going to be a long weekend for some. However, for me, "It's the end of the world as we know it... and I feel fine." I went out of town to the beach. I had a great time and I recommend the Marriott Hutchinson Island in Florida. This is not related to the story.
@jcran, sensing the world was going to end, took a trip through the Midwest under the excuse of a bachelor party. This will be the basis for the movie Hangover 2. This may be related, but we need to wait to see how the movie turns out.
Ok back to the .DLL! Monday rolls around. HD Moore releases a post on Rapid7's Security Blog titled "Application DLL Load Hijacking."
In his post, he notes that this has been around since 2000. It was originally noted by Georgi Guninski on Sep. 18, 2000, and HD links to a Microsoft MSDN article. He also notes that earlier this year, Taeho Kwon and Zhendong Su published a paper titled "Automatic Detection of Vulnerable Dynamic Component Loadings." Since the "cat was out of the bag," HD pushed a generic exploit module to the Metasploit Framework.
HD also released an audit kit that can be used to identify naughty applications. <~ Download this right now!
Microsoft, as helpful as always, issued their Security Advisory and Support. This issue cannot be fixed by Microsoft alone. It is up to the individual application programmers. Since this is not a buffer overflow/stack smash, there is not a simple fix. A fix could break other applications!
Microsoft has offered guidance to developers here.
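To illustrate why the fix lands on application developers, here is an added example (not from this post, the audit kit, or Microsoft's guidance) that models the documented Windows search order for a DLL requested by bare file name. It is simplified (KnownDLLs, manifests and already-loaded modules are ignored), and the application path, share name and DLL names are constructed.

```python
# Added illustration, not code from the post: a simplified model of the
# documented Windows search order for a DLL requested by bare file name.
from ntpath import join

# Constructed layout: a hypothetical app and a document opened from a share.
APP_DIR = r"C:\Program Files\ExampleApp"
SYSTEM_DIRS = [r"C:\Windows\System32", r"C:\Windows\System", r"C:\Windows"]
PATH_DIRS = [r"C:\Tools"]
SAMPLE_CWD = r"\\fileserver\share\docs"
SAMPLE_FILES = [
    r"C:\Windows\System32\version.dll",
    r"\\fileserver\share\docs\version.dll",
    r"\\fileserver\share\docs\optional_codec.dll",  # shipped nowhere else
]

def search_order(cwd, safe_dll_search_mode=True, cwd_removed=False):
    """Directories probed, in order, for LoadLibrary("name.dll").

    safe_dll_search_mode models SafeDllSearchMode, which moves the current
    directory behind the system directories. cwd_removed models a process
    that called SetDllDirectory("") to drop the current directory.
    """
    cwd_slot = [] if cwd_removed else [cwd]
    if safe_dll_search_mode:
        return [APP_DIR] + SYSTEM_DIRS + cwd_slot + PATH_DIRS
    return [APP_DIR] + cwd_slot + SYSTEM_DIRS + PATH_DIRS

def resolve(dll, files, cwd, **opts):
    """Return the first existing candidate path for dll, or None."""
    existing = {f.lower() for f in files}
    for directory in search_order(cwd, **opts):
        candidate = join(directory, dll)
        if candidate.lower() in existing:
            return candidate
    return None

def loads_from_cwd(dll, files, cwd, **opts):
    """True when the library that would load sits in the current directory."""
    hit = resolve(dll, files, cwd, **opts)
    return hit is not None and hit.lower() == join(cwd, dll).lower()

if __name__ == "__main__":
    for name in ("version.dll", "optional_codec.dll"):
        for opts in ({}, {"safe_dll_search_mode": False}, {"cwd_removed": True}):
            print(name, opts, "->", resolve(name, SAMPLE_FILES, SAMPLE_CWD, **opts))
```

In the model, safe search mode only protects names that exist in a system directory; a name found nowhere earlier in the order still resolves from the current directory until the process removes that directory from the search.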
Dave Marcus from McAfee has released a podcast on it. It is also available on iTunes.
Hell NO! Let's get to some fun stuff... our first video comes from David Kennedy aka dave_rel1k.
Another great video is from Offensive Security. This one has awesome music by DualCore.
If this seems too technical for you, you can get a trial copy of Metasploit Express. This application has the exploit ready to go with a point, click, pwn interface.
I recommend going to the following 3 sites.
DLL Hijacking (KB 2269637) – the unofficial list
DLL Hijacking – Vulnerable Applications – Exploit DB
VUPEN Security Advisories – Insecure Library Loading
You should also test your own system with HD Moore's audit kit.
It has been an interesting week in the world of information security. I can't wait to see what next week brings!
This Dilbert cartoon sums up how I feel today!
A coworker participates each year in the National Multiple Sclerosis Walk. We have a coworker who has been diagnosed with this and she walks each year on Team Happy Feet. Today they are having a bake sale to raise money. I am going to have my own type of fundraiser.
For each person who donates to the team, I will match the donation. This is a dollar for dollar match. However, the plot thickens! My company will match me dollar for dollar. This means your donation can become matched twice.
A donation of 25 dollars would raise 75 for the team ($25 from you, $25 from me, and $25 from the company).
How does one donate? Simply click the link below:
http://main.nationalmssociety.org/site/TR?px=1924342&pg=personal&fr_id=12866&s_tafId=138938
When finished, click here to contact me. Put in the subject: MS Walk. Once verified, I will make a donation as well as submit to my company to match.
Thank you for all your support in advance.
This was a fun read this morning about the history of 3G. It reminds me of my last 2 TVs that are 3D Ready but not really.
From Giz: http://gizmodo.com/5618307/a-tedious-and-personal-history-of-3g