Thursday, August 26, 2010

Releasing SHA-256 Hashes of Binary Planting Vulnerabilities

We're releasing SHA-256 hashes of 396 DLL planting and 127 EXE planting vulnerabilities we found during our extensive binary planting research. After a long internal discussion we decided that - considering the public availability of detection tools and instructions that make it possible for everyone to search for (a subset of) binary planting issues - it would not be appropriate to publish such information. We feel that doing so might encourage attacks against the identified vulnerable applications, which could negatively impact the security of end-users.

Hashes are available here: http://www.acrossecurity.com/files/binary_planting_sha256.txt