Full Disclosure mailing list archives
Re: Macro threats
From: "matthew wollenweber" <mwollenweber () gmail com>
Date: Tue, 5 Jun 2007 14:01:25 -0400
When I do penetration tests I think macros are a useful tool. Most organizations now have strong perimeter defenses. So the initial foothold onto the network is a substantial challenge. For larger networks you can anticipate stupid (unknowing) users that will launch a macro. Everyone has their favorite set of Excel macros after all. It's not a clever attack, but it gets the job done. The challenge of getting a foothold may increase the pressure to use macro attacks. However, overall I think there will be a slight decline.

In favor of not using macros is Web 2.0. Via web "defacement", XSS, DNS attacks, and social networking sites, I can fairly confidently find a secondary target that I know my primary target will visit. I can then attack IE/Firefox. I think it's a fair bet to say there's always an exploit for IE/Firefox/Flash/libjpeg/libpng/wmv/mpeg/etc that's standard content for web pages.

Further, Office 2007 is now on the scene. While I have no expertise on Office, software is generally more prone to bugs (and thus attacks) earlier in its life cycle. Therefore, Office attacks might focus more on direct exploitation rather than using a macro.

The above is just my opinion. I have no hard data supporting it one way or another, so take it as you will.

-Matt

On 6/5/07, Muscarella, Sebastian (IT) <Sebastian.I.Muscarella () morganstanley com> wrote:
Wanted to ask this forum's opinion on the state of macro threats. While we have not seen too many this past year which were actively exploited, we wanted to know if there are any indications on whether this threat would increase, decrease, become more sophisticated in the next year or two. Any information would be very helpful. We're currently looking at enhancing some security features in-house around Microsoft Office, and want as much intelligence on the topic as possible.

Thanks,
Sebastian Muscarella

------------------------------
NOTICE: If received in error, please destroy and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
--
Matthew Wollenweber
mwollenweber () gmail com | mjw () cyberwart com
www.cyberwart.com