| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 31 Jan 2011 15:36:08 +0000 From: "Thor (Hammer of God)" <thor@...merofgod.com> To: "Cal Leeming [Simplicity Media Ltd]" <cal.leeming@...plicitymedialtd.co.uk>, Ed Murphy <ed.b.murphy@...il.com> Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk> Subject: Re: Vulnerability discloses PIN used in Microsoft Excel secure printing Yes, it comes in very handy for those who need to ensure that the documents they placed on open shares be held at the printer for security. I love this part: "The adversary can then either print two copies of the victim's file and leave one on the printer for the victim, or print one copy of the victim's file and photocopy it before leaving the original on the printer for the victim, or print one copy of the victim's file and take it resulting in the victim thinking that perhaps they didn't click the print icon after all." They forgot to add "Or, the attacker could open the spreadsheet from the share." LOL t From: full-disclosure-bounces@...ts.grok.org.uk [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Cal Leeming [Simplicity Media Ltd] Sent: Monday, January 31, 2011 6:19 AM To: Ed Murphy Cc: full-disclosure@...ts.grok.org.uk Subject: Re: [Full-disclosure] Vulnerability discloses PIN used in Microsoft Excel secure printing Wtf, I've never heard heard of a 'secure' print :S On Mon, Jan 31, 2011 at 8:01 AM, Ed Murphy <ed.b.murphy@...il.com> wrote: Hello list, Stumbled across this today. It appears Excel spreadsheets store printer information including the PIN you might use when trying to do a "secure" print. http://insecureprinting.com/Microsoft_Excel_Spreadsheets_Expose_User_PIN_Used_for_Confidential_Secure_Printing.pdf The paper is quite thorough and shows that in most cases the PIN is stored in clear text in the spreadsheet, though some printer vendors try to obfuscate the PIN (though not very successfully). Thanks, Ed _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists