Full Disclosure mailing list archives
Re: Vulnerability discloses PIN used in Microsoft Excel secure printing
From: "Thor (Hammer of God)" <thor () hammerofgod com>
Date: Mon, 31 Jan 2011 15:36:08 +0000
Yes, it comes in very handy for those who need to ensure that the documents they placed on open shares be held at the printer for security. I love this part: "The adversary can then either print two copies of the victim's file and leave one on the printer for the victim, or print one copy of the victim's file and photocopy it before leaving the original on the printer for the victim, or print one copy of the victim's file and take it resulting in the victim thinking that perhaps they didn't click the print icon after all." They forgot to add "Or, the attacker could open the spreadsheet from the share." LOL t From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of Cal Leeming [Simplicity Media Ltd] Sent: Monday, January 31, 2011 6:19 AM To: Ed Murphy Cc: full-disclosure () lists grok org uk Subject: Re: [Full-disclosure] Vulnerability discloses PIN used in Microsoft Excel secure printing Wtf, I've never heard heard of a 'secure' print :S On Mon, Jan 31, 2011 at 8:01 AM, Ed Murphy <ed.b.murphy () gmail com> wrote: Hello list, Stumbled across this today. It appears Excel spreadsheets store printer information including the PIN you might use when trying to do a "secure" print. http://insecureprinting.com/Microsoft_Excel_Spreadsheets_Expose_User_PIN_Used_for_Confidential_Secure_Printing.pdf The paper is quite thorough and shows that in most cases the PIN is stored in clear text in the spreadsheet, though some printer vendors try to obfuscate the PIN (though not very successfully). Thanks, Ed _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Vulnerability discloses PIN used in Microsoft Excel secure printing Ed Murphy (Jan 31)
- Re: Vulnerability discloses PIN used in Microsoft Excel secure printing Cal Leeming [Simplicity Media Ltd] (Jan 31)
- Re: Vulnerability discloses PIN used in Microsoft Excel secure printing Thor (Hammer of God) (Jan 31)
- Re: Vulnerability discloses PIN used in Microsoft Excel secure printing Christian Sciberras (Jan 31)
- Re: Vulnerability discloses PIN used in Microsoft Excel secure printing Michael Holstein (Jan 31)
- Re: Vulnerability discloses PIN used in Microsoft Excel secure printing Thor (Hammer of God) (Jan 31)
- Re: Vulnerability discloses PIN used in Microsoft Excel secure printing Michael Holstein (Jan 31)
- Re: Vulnerability discloses PIN used in Microsoft Excel secure printing Thor (Hammer of God) (Jan 31)
- Re: Vulnerability discloses PIN used in Microsoft Excel secure printing Cal Leeming [Simplicity Media Ltd] (Jan 31)