| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed Apr 27 00:39:56 2005 From: randallm at fidmail.com (Randall M) Subject: Re: email attack vector just got wider Just my 2cents worth. About the only defense is using programs such as MailSecurity to block and alert when anything is encrypted or password protected. thank you Randall M "If we ever forget that we're one nation under God, then we will be a nation gone under." - Ronald Reagan _________________________________ _____ From: full-disclosure-bounces@...ts.grok.org.uk [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Micheal Espinola Jr Sent: Tuesday, April 26, 2005 11:56 AM To: Full Disclosure Subject: [Full-disclosure] Re: email attack vector just got wider an update: My latest finding is that Adobe PDF's with embedded attachments can be bundled and distributed as a Secure Electronic Envelope (eEnvelope). eEnvelopes are designed to protect documents in transit with the use of encryption. Password protected .ZIP's are typically addressed at the SMTP gateway by AV software with the option to strip or reject compressed file attachments that are not readily scan-able (due to the password protection, etc). Although Adobe recommends enabling scanning all file types in order to scan a PDF (and ass/u/me'ing its embedded contents as well), an AV scanner is not currently going to be able to scan this encrypted content until the content has been rendered/unencrypted at the desktop. While many AV vendors have factored certain compressed archive standards into their products, I have seen no indication that this is being addressed for this relatively new and already widely deployed product. Call me a worry-wort, but I foresee this is the next "in" for malware distribution. On 4/25/05, Micheal Espinola Jr <michealespinola@...il.com> wrote: Perhaps not "just". My apologies for those that are aware of this, but it seems Adobe 6 also had this capability - although many people have been unaware of this. I recently upgrade from 5 to 7, so I missed this potential issue from the get-go. Someone pointed out to me that Symantec does have a bulletin stating that by setting your AV to "scan all files" you can detect a virus inside a file embedded into a PDF. Unfortunately, this does not address the blocking of certain attachments outright. On 4/25/05, Micheal Espinola Jr <michealespinola@...il.com <mailto:michealespinola@...il.com> > wrote: It seems most people I know haven't noticed that the new version of Adobe Acrobat (7) now allows for embedded/attached documents. Since PDF's have generally been considered a safe document format and are typically not blocked by content/attachment scanners, this now opens an email-based attack vector that anti-virus providers [to the best of my knowledge] are not currently addressing. Many thanks to Adobe for creating another issue for us to deal with, and especially for not having the forethought to coordinate with anti-virus vendors to prepare for assuredly future exploitation of the technology. -- ME2 my home: <http://www.santeriasys.net/> my photos: < <http://mespinola.blogspot.com/> http://mespinola.blogspot.com/> -- ME2 my home: < <http://www.santeriasys.net/> http://www.santeriasys.net/> my photos: < <http://mespinola.blogspot.com/> http://mespinola.blogspot.com/> -- ME2 my home: <http://www.santeriasys.net/> my photos: <http://mespinola.blogspot.com/> -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050426/32a7b513/attachment.html
Powered by blists - more mailing lists