lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <42210a440706051101n134d2088q35d20358fd97aad@mail.gmail.com>
Date: Tue, 5 Jun 2007 14:01:25 -0400
From: "matthew wollenweber" <mwollenweber@...il.com>
To: "Muscarella, Sebastian (IT)" <Sebastian.I.Muscarella@...ganstanley.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Macro threats

When I do penetration tests I think macros are a useful tool. Most
organizations now have strong perimeter defenses. So the initial foothold
onto the network is a substantial challenge. For larger networks you can
anticipate stupid (unknowning) users that will launch a macro. Everyone has
their favorite set of excel macros after all. It's not a clever attack, but
it gets the job done. The challenge of getting a foothold may increase the
pressure to use macro attacks. However, overall I think there will be a
slight decline

In favor of not using macros is Web 2.0. Via web "defacement", XSS, DNS
attacks, and social networking sites that I can fairly confidently find a
secondary target that I know my primary target will visit. I can then attack
IE/Firefox. I think it's a fair bet to say there's always an exploit for
IE/Firefox/Flash/libjpeg/libpng/wmv/mpeg/etc that's standard content for web
pages. Further, Office 2007 is now on the scene. While I have no expertise
on Office software is generally more prone to bugs (and thus attacks)
earlier in it's life cycle. Therefore, Office attacks might focus more on
direct exploitation rather than using a macro.

The above is just my opinion. I have no hard data supporting it one way or
another, so take it as you will.

-Matt


On 6/5/07, Muscarella, Sebastian (IT) <
Sebastian.I.Muscarella@...ganstanley.com> wrote:
>
>  Wanted to ask this forum's opinion on the state of macro threats.  While
> we have not seen too many this past year which were actively exploited, we
> wanted to know if there are any indications on whether this threat would
> increase, decrease, become more sophisticated in the next year or two.
>
> Any information would be very helpful.  We're currently looking at
> enhancing some security features in-house around Microsoft Office, and want
> as much intelligence on the topic as possible.
>
> Thanks,
>
> Sebastian Muscarella
>
>  ------------------------------
>
> NOTICE: If received in error, please destroy and notify sender. Sender
> does not intend to waive confidentiality or privilege. Use of this email is
> prohibited when received in error.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>



-- 
Matthew  Wollenweber
mwollenweber@...il.com | mjw@...erwart.com
www.cyberwart.com

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ