PaulDotCom mailing list archives
Re: Advice on doc format to see for review to security folks
From: Michael Salmon <lonestarr13 () gmail com>
Date: Tue, 30 Nov 2010 12:36:07 -0500
What is Adobe Acrobat Viewer - http://www.adobe.com/products/acrviewer/acrvdnld.html? Is this something very old? I don't see much information about it and the FAQ link doesn't work.

On Wed, Nov 24, 2010 at 3:29 PM, bytes abit <bytesabit () gmail com> wrote:

Seriously? I know a worry proof method. NO ONE CAN HACK PAST IT! Snail Mail me a copy :P

Though seriously, I would agree with the general un-spoken rule. Hack not thy brethren, but use condoms regardless.

On Mon, Nov 22, 2010 at 2:07 PM, <byte.bucket () 4a44 com> wrote:

If you can own anyone reading this list with a PDF exploit then they deserve it!

Robin

I think this is a little unfair; how do you not get owned using Adobe Acrobat?

I had a hard time writing up a mitigation recommendation for a customer recently. I owned the network with a HSRP MITM attack, followed by Ettercap+etterfilter injection to serve up malicious PDFs in 1x1 iframes*. The attack went great, but then I had to tell the customer what to do differently to prevent them from being compromised through Adobe Acrobat in the future.

I don't believe Foxit Reader isn't in a better position than Adobe Acrobat reader from a security perspective. Online PDF rendering options returning funky JS+AJAX images wouldn't work due to the sensitive nature of the PDF content. I ended up recommending the use of Adobe Acrobat with the Microsoft Mitigation Experience Toolkit, but I thought that was kinda lame too.

What recommendations are people making to customers who get owned through PDF exploits but require a local PDF reader?

Thanks,
-Josh

* Ettercap+etterfilter, HSRP/VRRP exploits and more are all labs in the new SANS course I contributed to, Advanced Penetration Testing, Exploits and Ethical Hacking - http://bit.ly/aOwAnB

Hot on the heels of your question, Adobe has released Acrobat/Reader "X". There is a nice series of articles here: http://blogs.adobe.com/asset/2010/11/adobe-reader-x-is-here.html . Protected mode is by no means a "cure all", but it does look like a step in the right direction.

On a separate but related note, what did you tell this customer about mitigating malicious iframes? It seems to me that your attack vector (malicious iframes) is/was the real issue here and that the vulnerable application (Acrobat) is probably one of several you could have taken advantage of.

--
byte_bucket

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com