PaulDotCom mailing list archives
Dial Home Docs
From: allen.deryke at hushmail.com (Allen Deryke)
Date: Mon, 21 Sep 2009 10:47:32 -0400
I admit, it does take some social engineering for both cases to work. You just need to make the webcontent seem critical to the message. In an email a sentence like "your new acess code is:" followed by you bugged image. Have it set up so that if the macro isn't run make the excel data seem invalid, mess with formating ect. -- Allen Deryke On Sep 21, 2009, at 10:33 AM, Adrian Crenshaw <irongeek at irongeek.com> wrote:
I've done the webbugs in emails before, the problem is anymore most email clients seem to turn off image loading by default. Adrian On Mon, Sep 21, 2009 at 10:07 AM, Allen Deryke <allen.deryke at hushmail.comwrote:Yeah, but excel prompts about this stuff so much that most people would just click "ok". Also links to external images in emails or docs is a great way to pull this off. -- Allen Deryke On Sep 21, 2009, at 9:47 AM, Adrian Crenshaw <irongeek at irongeek.com> wrote:But would that illicit a warning? Adrian On Mon, Sep 21, 2009 at 3:23 AM, Dimitrios Kapsalis <dimitrios at gmail.comwrote:The only way I can think of this occuring in a word doc is to write a macro. The macro can just ping your box, this should be enough to get the IP. On Mon, Sep 21, 2009 at 2:56 AM, Andrew Ellis <only.samurai at gmail.com> wrote: You could add a tab to firefox's default tabs (the ones it loads on a new session) that points to a webserver you control. Eventually, the stolen laptop's new user will open firefox anew and you'll have the new IP. Obviously if the person stealing your box mounts the drive rather than logging in, this won't help. -andrew On Sun, Sep 20, 2009 at 3:49 PM, Adrian Crenshaw <irongeek at irongeek.comwrote: I recently had a conversation with an author about webbugs, andit broughtanother idea to mind. I seem to remember John Strand sayingsomething aboutVal Smith doing something with detecting insider threats byleaking adocument and seeing who opens it. (sorry I can't remember more). Here is the question, anyone know how to make a doc/docx/pdf loadsomethingfrom an external site so you can at least find the ip of someonewho openedthe document? Thanks, Adrian _______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com-- Andrew Ellis http://www.samurainet.org/blog _______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com _______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com _______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com_______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com _______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
-------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090921/68c75984/attachment.htm
Current thread:
- Dial Home Docs Adrian Crenshaw (Sep 20)
- Dial Home Docs Andrew Ellis (Sep 20)
- Dial Home Docs Dimitrios Kapsalis (Sep 21)
- Dial Home Docs Adrian Crenshaw (Sep 21)
- Dial Home Docs Allen Deryke (Sep 21)
- Dial Home Docs Adrian Crenshaw (Sep 21)
- Dial Home Docs Allen Deryke (Sep 21)
- Dial Home Docs Harley Green (Sep 21)
- Dial Home Docs Tim Krabec (Sep 21)
- Dial Home Docs Adrian Crenshaw (Sep 21)
- Dial Home Docs Dimitrios Kapsalis (Sep 21)
- Dial Home Docs Andrew Ellis (Sep 20)