lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: lists.netsys.com at jscript.dk (Thor Larholm)
Subject: Re: Administrivia: Testing Emergency Virus Filter..

> From: "Drew Copley" <dcopley@...e.com>
> Actually, quite a few don't, some still rely on piggy backing Outlook.
> But, yes, this trend should be dissapearing as people upgrade so their
> Outlook client will no longer be able to be remote controlled by another
> application. (Current versions not only block attachments but also the
> ability for applications to access the api framework, itself).

Specific parts of the API for Outlook is blocked completely (unless the enduser
manually approves otherwise), which has also had an effect on existing
mainstream applications such as tighly integrated antispam products (I had
problems using my favorite, www.spamfighter.com). Precisely because of this,
several solutions were devised almost immediately to circumvent these
restrictions by proxying through thirdparty COM objects such as Redemption (
http://www.dimastr.com/redemption/ ) so one could still reach the entire Outlook
object model.

"Outlook Redemption works around limitations imposed by the Outlook Security
Patch and Service Pack 2 of MS Office 2000 and Office XP (which includes
Security Patch) plus provides a number of functions to work with properties and
functionality not exposed through the Outlook object model."

I like Redemption, not as much for its ability to circumvent the complete API
block but for its utility functions which come quite handy when developing
Outlook extensions :)

> Even if email clients do start encrypting this information, it will
> still be easy to bypass because it is local. There is always a crack for
> local work. But, such a thing may deter some virus writers.

99% of virus writers would have problems understanding the concept of
Redemption. I'm still amazed at how many virii rely on enduser interaction when
they clearly need not to.



Regards
Thor Larholm
PivX Solutions, LLC - Senior Security Researcher

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ