Re: Advice on doc format to see for review to security folks

[Michael Salmon <lonestarr13 () gmail com>]

What is Adobe Acrobat Viewer -
http://www.adobe.com/products/acrviewer/acrvdnld.html?  is this something
very old, I don't see much information about it and the FAQ link doesn't
work.

On Wed, Nov 24, 2010 at 3:29 PM, bytes abit <bytesabit () gmail com> wrote:

> Seriously?  I know a worry proof method.  NO ONE CAN HACK PAST IT!
> Snail Mail me a copy  :P
>
>
> Though seriously, I would agree with the general un-spoken rule. Hack not
> they brethern, but use condoms regardless.
>
>
>
>
> On Mon, Nov 22, 2010 at 2:07 PM, <byte.bucket () 4a44 com> wrote:
>
> > > > If you can own anyone reading this list with a PDF exploit then they
> > > > deserve it!
> > > >
> > > > Robin
> > >
> > > I think this is a little unfair; how do you not get owned using Adobe
> > > Acrobat?
> > >
> > > I had a hard time writing up a mitigation recommendation for a customer
> > > recently.  I owned the network with a HSRP MITM attack, followed by
> > > Ettercap+etterfilter injection to serve up malicious PDF's in 1x1
> > > iframes*.  The attack went great, but then I had to tell the customer
> > > what to do differently to prevent them from being compromised through
> > > Adobe Acrobat in the future.
> > >
> > > I don't believe Foxit Reader isn't in a better position than Adobe
> > > Acrobat reader from a security perspective.  Online PDF rendering
> > > options returning funky JS+AJAX images wouldn't work due to the
> > > sensitive nature of the PDF content.  I ended up recommending the use of
> > > Adobe Acrobat with the Microsoft Mitigation Experience Toolkit, but I
> > > thought that was kinda lame too.
> > >
> > > What recommendations are people making to customers who get owned
> > > through PDF exploits but require a local PDF reader?
> > >
> > > Thanks,
> > >
> > > -Josh
> > >
> > > * Ettercap+etterfilter, HSRP/VRRP exploits and more are all labs in the
> > > new SANS course I contributed to, Advanced Penetration Testing, Exploits
> > > and Ethical Hacking - http://bit.ly/aOwAnB
> >
> > Hot on the heels of your question, Adobe has released Acrobat/Reader "X".
> > There is a nice series of articles here:
> > http://blogs.adobe.com/asset/2010/11/adobe-reader-x-is-here.html .
> > Protected mode is by no means a "cure all", but it does look like a step
> > in the right direction.
> >
> > On a separate but related note, what did you tell this customer about
> > mitigating malicious iframes?  It seems to me that your attack vector (
> > malicious iframes) is/was the real issue here and that the vulnerable
> > application (Acrobat) is probably one of several you could taken advantage
> > of.
> >
> > --
> > byte_bucket
> >
> > _______________________________________________
> > Pauldotcom mailing list
> > Pauldotcom () mail pauldotcom com
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
>
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom () mail pauldotcom com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com