lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue Apr 26 17:56:31 2005
From: michealespinola at gmail.com (Micheal Espinola Jr)
Subject: Re: email attack vector just got wider

an update:
 My latest finding is that Adobe PDF's with embedded attachments can be 
bundled and distributed as a Secure Electronic Envelope (eEnvelope). 
eEnvelopes are designed to protect documents in transit with the use of 
encryption.
 Password protected .ZIP's are typically addressed at the SMTP gateway by AV 
software with the option to strip or reject compressed file attachments that 
are not readily scan-able (due to the password protection, etc).
 Although Adobe recommends enabling scanning all file types in order to scan 
a PDF (and ass/u/me'ing its embedded contents as well), an AV scanner is not 
currently going to be able to scan this encrypted content until the content 
has been rendered/unencrypted at the desktop.
 While many AV vendors have factored certain compressed archive standards 
into their products, I have seen no indication that this is being addressed 
for this relatively new and already widely deployed product.
 Call me a worry-wort, but I foresee this is the next "in" for malware 
distribution.


On 4/25/05, Micheal Espinola Jr <michealespinola@...il.com> wrote: 
> 
> Perhaps not "just". My apologies for those that are aware of this, but it 
> seems Adobe 6 also had this capability - although many people have been 
> unaware of this. I recently upgrade from 5 to 7, so I missed this potential 
> issue from the get-go. 
>  Someone pointed out to me that Symantec does have a bulletin stating that 
> by setting your AV to "scan all files" you can detect a virus inside a file 
> embedded into a PDF.
>  Unfortunately, this does not address the blocking of certain attachments 
> outright.
> 
>  On 4/25/05, Micheal Espinola Jr <michealespinola@...il.com> wrote: 
> > 
> > It seems most people I know haven't noticed that the new version of 
> > Adobe Acrobat (7) now allows for embedded/attached documents.
> >  Since PDF's have generally been considered a safe document format and 
> > are typically not blocked by content/attachment scanners, this now opens an 
> > email-based attack vector that anti-virus providers [to the best of my 
> > knowledge] are not currently addressing. 
> >  Many thanks to Adobe for creating another issue for us to deal with, 
> > and especially for not having the forethought to coordinate with anti-virus 
> > vendors to prepare for assuredly future exploitation of the technology. 
> > 
> > -- 
> > ME2
> > 
> > my home: <http://www.santeriasys.net/>
> > my photos: < http://mespinola.blogspot.com/> 
> > 
> 
> 
> 
> -- 
> ME2
> 
> my home: <http://www.santeriasys.net/>
> my photos: < http://mespinola.blogspot.com/> 
> 



-- 
ME2

my home: <http://www.santeriasys.net/>
my photos: <http://mespinola.blogspot.com/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050426/9830a446/attachment.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ