ritter.vg
ClickOnce MITM Attacks
21 July 2010 00:44:23 EST

I wrote a bugtraq post about the Microsoft ClickOnce Installer/Updater system, and how it's relatively easy to strip away code signing and man-in-the-middle an update and inject your malicious code. Here's the writeup.

Comments
Add a comment...
required
required, hidden, gravatared

required, markdown enabled (help)
you type:you see:
*italics*italics
**bold**bold
[stolen from reddit!](http://reddit.com)stolen from reddit!
* item 1
* item 2
* item 3
  • item 1
  • item 2
  • item 3
> quoted text
quoted text
Lines starting with four spaces
are treated like code:

    if 1 * 2 < 3:
        print "hello, world!"
Lines starting with four spaces
are treated like code:
if 1 * 2 < 3:
    print "hello, world!"