lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <D3B573771A13441099C3B828C8679461@acros.si>
Date: Mon, 20 Sep 2010 18:52:19 +0200
From: "ACROS Security Lists" <lists@...os.si>
To: <bugtraq@...urityfocus.com>, <full-disclosure@...ts.grok.org.uk>,
	<cert@...t.org>, <si-cert@...es.si>
Subject: Binary Planting Attack Vectors - There's more than one way to skin a cat... or plant a binary, for that matter


ACROS Security is presenting an analysis of many different delivery methods for
binary planting attacks, providing a hopefully more comprehensive view on the
feasibility of such attacks. We looked at some of the most popular web browsers, most
popular e-mail clients and most popular document readers, trying to use them as
delivery mechanisms for binary planting attacks.

Some interesting findings:

- Clicking a link to a remote shared folder on a web page will open this share in
Windows Explorer without a warning for 67% of all Internet Explorer users.

- Clicking a link to a remote shared folder in an e-mail message will open this share
in Windows Explorer without a warning for all Outlook, Windows Mail and Windows Live
Mail users, regardless of their default web browser. (E-mail is the most likely
vector for targeted attacks on corporate and government networks.) 


A full commentary:
http://blog.acrossecurity.com/2010/09/binary-planting-attack-vectors.html
Analysis: http://www.binaryplanting.com/attackVectors.htm


Do the demonstrations for yourself and let us know how they worked for you.


Pleasant reading,

Mitja Kolsek
CEO&CTO

ACROS, d.o.o.
Makedonska ulica 113
SI - 2000 Maribor, Slovenia
tel: +386 2 3000 280
fax: +386 2 3000 282
web: http://www.acrossecurity.com

ACROS Security: Finding Your Digital Vulnerabilities Before Others Do

Powered by blists - more mailing lists