lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <11817.1181065020@turing-police.cc.vt.edu>
Date: Tue, 05 Jun 2007 13:37:00 -0400
From: Valdis.Kletnieks@...edu
To: "Muscarella, Sebastian (IT)" <Sebastian.I.Muscarella@...ganstanley.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Macro threats

On Tue, 05 Jun 2007 11:37:53 EDT, "Muscarella, Sebastian (IT)" said:
> Wanted to ask this forum's opinion on the state of macro threats.  While
> we have not seen too many this past year which were actively exploited,
> we wanted to know if there are any indications on whether this threat
> would increase, decrease, become more sophisticated in the next year or
> two.

This is entirely dependent on how good a job the industry does in getting
rid of even lower-hanging fruit.  It's not going to go on a major burn as
"big threat" as long as users keep on "ooh shiny!" clicking and similar
easy ways to get your code run on the target.

Of course, this also depends at least somewhat on what your threat model looks
like.  What you're likely to see in targeted attacks specifically aimed at
your organization will be vastly different from the "mass market" threats.
Also, beware of internal threats - things like subtly tweaked Excel files
(consider things like "column 94 equals sum of columns 34, 38, 41, and 48,
plus 0.25%" - what happens if some disgruntled employee changes that to 0.27%?)
Or forged backstabbing memos/documents, etc etc.  I wouldn't worry about
macro threats until you've got a handle on those issues....


Content of type "application/pgp-signature" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ