lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Wed Apr 27 00:57:05 2005
From: phased at mail.ru (phased)
Subject: Re: email attack vector just got wider

<img src="http://www.knightofavl.com/images/ChrissirhC.jpg">

-----Original Message-----
From: "Randall M" <randallm@...mail.com>
To: "'Micheal Espinola Jr'" <michealespinola@...il.com>,"'Full Disclosure'" <full-disclosure@...ts.grok.org.uk>
Date: Tue, 26 Apr 2005 18:39:51 -0500
Subject: RE: [Full-disclosure] Re: email attack vector just got wider

> 
> Just my 2cents worth. About the only defense is using programs such as
> MailSecurity to block and alert when anything is encrypted or password
> protected.
>  
>  
> 
> thank you 
> Randall M 
> 
> "If we ever forget that we're one nation under God, then we will be a nation
> gone under." 
> - Ronald Reagan 
> _________________________________ 
> 
>  
> 
> 
>   _____  
> 
> From: full-disclosure-bounces@...ts.grok.org.uk
> [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Micheal
> Espinola Jr
> Sent: Tuesday, April 26, 2005 11:56 AM
> To: Full Disclosure
> Subject: [Full-disclosure] Re: email attack vector just got wider
> 
> 
> an update:
>  
> My latest finding is that Adobe PDF's with embedded attachments can be
> bundled and distributed as a Secure Electronic Envelope (eEnvelope).
> eEnvelopes are designed to protect documents in transit with the use of
> encryption. 
>  
> Password protected .ZIP's are typically addressed at the SMTP gateway by AV
> software with the option to strip or reject compressed file attachments that
> are not readily scan-able (due to the password protection, etc). 
>  
> Although Adobe recommends enabling scanning all file types in order to scan
> a PDF (and ass/u/me'ing its embedded contents as well), an AV scanner is not
> currently going to be able to scan this encrypted content until the content
> has been rendered/unencrypted at the desktop. 
>  
> While many AV vendors have factored certain compressed archive standards
> into their products, I have seen no indication that this is being addressed
> for this relatively new and already widely deployed product.
>  
> Call me a worry-wort, but I foresee this is the next "in" for malware
> distribution.
> 
>  
> 
> On 4/25/05, Micheal Espinola Jr <michealespinola@...il.com> wrote: 
> 
> Perhaps not "just".  My apologies for those that are aware of this, but it
> seems Adobe 6 also had this capability - although many people have been
> unaware of this.  I recently upgrade from 5 to 7, so I missed this potential
> issue from the get-go. 
>  
> Someone pointed out to me that Symantec does have a bulletin stating that by
> setting your AV to "scan all files" you can detect a virus inside a file
> embedded into a PDF.
>  
> Unfortunately, this does not address the blocking of certain attachments
> outright.
> 
>  
> 
> On 4/25/05, Micheal Espinola Jr <michealespinola@...il.com
> <mailto:michealespinola@...il.com> > wrote: 
> 
> It seems most people I know haven't noticed that the new version of Adobe
> Acrobat (7) now allows for embedded/attached documents.
>  
> Since PDF's have generally been considered a safe document format and are
> typically not blocked by content/attachment scanners, this now opens an
> email-based attack vector that anti-virus providers [to the best of my
> knowledge] are not currently addressing. 
>  
> Many thanks to Adobe for creating another issue for us to deal with, and
> especially for not having the forethought to coordinate with anti-virus
> vendors to prepare for assuredly future exploitation of the technology. 
> 
> 
> -- 
> ME2
> 
> my home: <http://www.santeriasys.net/>
> my photos: <  <http://mespinola.blogspot.com/>
> http://mespinola.blogspot.com/> 
> 
> 
> 
> 
> -- 
> ME2
> 
> my home: <  <http://www.santeriasys.net/> http://www.santeriasys.net/>
> my photos: <  <http://mespinola.blogspot.com/>
> http://mespinola.blogspot.com/> 
> 
> 
> 
> 
> -- 
> ME2
> 
> my home: <http://www.santeriasys.net/>
> my photos: <http://mespinola.blogspot.com/> 
> 
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ