Security Basics mailing list archives
Re: FUD - was FAX a virus
From: "Robert Wesley McGrew" <wesley () mcgrewsecurity com>
Date: Tue, 6 Mar 2007 16:28:18 -0600
On 3/6/07, Craig Wright <cwright () bdosyd com au> wrote:
Sorry, wrong.
Apologies, I was on the train of thought of email and attachments of images and such and thought you were asking about that. But that's neither here nor there. I never disagreed with your description of how faxes work, nor with how it'll strip a document of everything but a scanned representation of how it looks. If that's the final representation and usage of that image, then you're right, it's game over for an attacker. My position is that what you do with that scanned image after that is something that deserves some attention. If an organization, for the sake of automation, extracts textual data from this image via OCR, and stores it, or uses it as input for some process, then I feel this data should be subject to the same amount of scrutiny and filtering as one would apply to web-based inputs. Same attack, different entry point. -- Robert Wesley McGrew http://mcgrewsecurity.com
Current thread:
- RE: FUD - was FAX a virus, (continued)
- RE: FUD - was FAX a virus Scott Ramsdell (Mar 06)
- RE: FUD - was FAX a virus Scott Ramsdell (Mar 06)
- Re: FUD - was FAX a virus TheGesus (Mar 06)
- RE: FUD - was FAX a virus Craig Wright (Mar 06)
- RE: FUD - was FAX a virus Craig Wright (Mar 06)
- Re: FUD - was FAX a virus Robert Wesley McGrew (Mar 07)
- RE: FUD - was FAX a virus Peter Denyer (Mar 07)
- Re: FUD - was FAX a virus Robert Wesley McGrew (Mar 07)
- RE: FUD - was FAX a virus Bob Radvanovsky (Mar 06)
- RE: FUD - was FAX a virus Craig Wright (Mar 07)
- RE: FUD - was FAX a virus Craig Wright (Mar 07)
- Re: FUD - was FAX a virus Robert Wesley McGrew (Mar 07)
- Re: RE: FUD - was FAX a virus krymson (Mar 07)
- RE: RE: FUD - was FAX a virus Craig Wright (Mar 07)