[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <42210a440706051101n134d2088q35d20358fd97aad@mail.gmail.com>
Date: Tue, 5 Jun 2007 14:01:25 -0400
From: "matthew wollenweber" <mwollenweber@...il.com>
To: "Muscarella, Sebastian (IT)" <Sebastian.I.Muscarella@...ganstanley.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Macro threats
When I do penetration tests I think macros are a useful tool. Most
organizations now have strong perimeter defenses. So the initial foothold
onto the network is a substantial challenge. For larger networks you can
anticipate stupid (unknowning) users that will launch a macro. Everyone has
their favorite set of excel macros after all. It's not a clever attack, but
it gets the job done. The challenge of getting a foothold may increase the
pressure to use macro attacks. However, overall I think there will be a
slight decline
In favor of not using macros is Web 2.0. Via web "defacement", XSS, DNS
attacks, and social networking sites that I can fairly confidently find a
secondary target that I know my primary target will visit. I can then attack
IE/Firefox. I think it's a fair bet to say there's always an exploit for
IE/Firefox/Flash/libjpeg/libpng/wmv/mpeg/etc that's standard content for web
pages. Further, Office 2007 is now on the scene. While I have no expertise
on Office software is generally more prone to bugs (and thus attacks)
earlier in it's life cycle. Therefore, Office attacks might focus more on
direct exploitation rather than using a macro.
The above is just my opinion. I have no hard data supporting it one way or
another, so take it as you will.
-Matt
On 6/5/07, Muscarella, Sebastian (IT) <
Sebastian.I.Muscarella@...ganstanley.com> wrote:
>
> Wanted to ask this forum's opinion on the state of macro threats. While
> we have not seen too many this past year which were actively exploited, we
> wanted to know if there are any indications on whether this threat would
> increase, decrease, become more sophisticated in the next year or two.
>
> Any information would be very helpful. We're currently looking at
> enhancing some security features in-house around Microsoft Office, and want
> as much intelligence on the topic as possible.
>
> Thanks,
>
> Sebastian Muscarella
>
> ------------------------------
>
> NOTICE: If received in error, please destroy and notify sender. Sender
> does not intend to waive confidentiality or privilege. Use of this email is
> prohibited when received in error.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
--
Matthew Wollenweber
mwollenweber@...il.com | mjw@...erwart.com
www.cyberwart.com
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists