Forgot your password?
typodupeerror
Security IT

Black Hat Talk Demonstrates New Document Exploits 60

Posted by timothy
from the send-you-this-file-in-order-to-have-your-advice dept.
darthcamaro writes "Remember the days of the viruses embedded in email attachments? They're coming back, according to a pair of researcher talking at Black Hat this week: '"If you have installed all Microsoft Office patches and there are no 0 day vulnerabilities, will it be safe to open a Word or Excel document?" TT asked the audience. "The answer is no."'"
This discussion has been archived. No new comments can be posted.

Black Hat Talk Demonstrates New Document Exploits

Comments Filter:
  • by Anonymous Coward on Saturday August 06, 2011 @03:45PM (#37009616)

    Anybody worth their salt knows that any attachment can be dangerous. You can hide all sorts of things in them. Especially for files that allow arbitrary things to be embedded in them, like Word documents.

  • Well duh... (Score:4, Funny)

    by Oxford_Comma_Lover (1679530) on Saturday August 06, 2011 @03:46PM (#37009624)

    Of course it's not safe to open the document. It could be a "Starbuck should be a dude" rant.

    • Re: (Score:3, Funny)

      "Starbuck should be a dude"

      Sir, we're going to have to ask you to leave. Turn in your man card at the front office. You can pick it up on monday at the Men's Rules Enforcement Department off 7th street. You'll need to explain to them why you, as a heterosexual male, asked to replace a hot female actress with a pudgy male one. Depending on your answer, there may be a fine.

      Thank You,

      The Internetz

      • Dear Internetz,

        I promise to make it up with lots of Kara/Lee fanfic.

        Kisses,

        OCL

      • by PopeRatzo (965947) *

        asked to replace a hot female actress with a pudgy male one.

        Why he gotta be pudgy? Can't he be a hot Jack Harkness-style Starbuck?

        Some of us long for the days when the only women in science fiction were the ones with three breasts on the cover of Del Ray paperbacks.

        Three nicely-shaped breasts.

      • by JAlexoi (1085785)
        Are you calling a comma-phile a heterosexual? (Oxford_Comma_Lover)
        ...you insensitive clod!
      • by hairyfeet (841228)

        Because having a hot babe you want to bang be your wingman in a bar is just.....well weird? The reason Apollo and Starbuck worked well together was Apollo could be kind of a stick in the mud so Stabuck would come and bail his ass out with the jokes, as a good wingman should. Hot babe? not only will hot babe make it worse but it will make dude in trouble look even MORE lame, not less.

        As for TFA... attachments are bad mmmkay? what sucks is how many years have we been trying to drum this into users heads? I

    • Re: (Score:1, Funny)

      Of course it's not safe to open a document when running Windows. My Ubuntu desktop Linux operating system never gets viruses no matter what I open, because it uses a robust security model with actual file permissions. For example, instead of simply clicking "yes" to everything, I also have to enter my password so I know I give things a second thought before executing them.

      Of course, even if Linux just had a Yes/No dialog, I could click "yes" until I'm blue in the face and my system would never get a sin
  • In other news, embedding executable code into data files still considered stupid. Researchers continue to emphasize that executable code should only exist in (wait for it) -- executable files!

    Now, we all understand that Intel and Microsoft had drunken money sex one evening and out of that relationship DOS was born... a retarded child that couldn't tell the difference between its food (the data) and the plate (executable code), and regularly ate both.

    I'm just wondering why we're still entertaining this 'prec

    • Re:In other news... (Score:4, Interesting)

      by networkzombie (921324) on Saturday August 06, 2011 @04:27PM (#37009926)
      Your argument restricting executable code covers a variety of technologies from OLE to html email. The same reason these technologies suck is also why they are so popular. On one hand you can embed stuff and do more! On the other hand they can embed stuff and do more.
    • Re:In other news... (Score:5, Interesting)

      by SuricouRaven (1897204) on Saturday August 06, 2011 @04:40PM (#37009972)
      A lot of the time that executable code is to do shinystuff, like embed fancy animated charts in documents. One of the worst cases of all is in Windows Media, which will happily run scripts (Exploitable scripts) in media files without prompting or informing the user - and will do this based on magic bytes to identify filetype rather than extension. This lead to the proliferation of fake-mp3 malware on p2p networks. The purpose of the scripts is to allow for updating of the DRM technology and to allow for unauthorised media files to automatically direct the player to a website to purchase a licence.
      • by abigsmurf (919188)
        I've seen a lot of fake media files require you to purchase a licence you get a "this requires a licence, do you want to retreive it" type yes/no dialogue and only take you to a website on a yes click.

        I'm calling BS on your claim it does anything more than this. If MP3s were exploitable outside of encouraging you to visit a questionable site, you'd see a whole lot more malware infected MP3s sent as email attatchments. It's not unthinkable this could be exploited but I doubt it's any easier exploting that
        • I do confess to never having encountered such a file myself, but I have heard from others who have claimed that the file infected them with some form of malware. A likely explanation would be that the website is the true location of the exploit - I imagine WMP would open IE to get the license, which means any scammer not only has a way to lure in visitors but also knows what browser they'll be using and thus what exploits to use.

          MP3 files are not the problem ones. It's WMA/WMV/ASF (all the same internally)
    • by Anonymous Coward

      In other news, embedding executable code into data files still considered stupid.

      Nobody designing data file formats is actually putting in official ways to run executable code. The ability to do that comes entirely from implementation bugs. And no, embedded scripting languages don't count - they're not intended to be able to affect anything outside the document; when they can, it's again always the result of an implementation bug.

      • by sjames (1099)

        Embedded scripts certainly DO count! You can RUN them can't you? When you do, they do what the writer wanted, don't they?

        Of course they're not INTENDED to be able to affect anything outside, but in over 10 years, nobody has yet been able to stop them. That's called a failure. Perhaps it's time to rip that 'feature' out.

      • by Carnildo (712617)

        Nobody designing data file formats is actually putting in official ways to run executable code.

        Nobody? [wikipedia.org]

    • There line between code and data is rather fuzzy. In the end, both are big lumps of bytes that will be processed by some software, which will then cause your computer to take certain actions. The problem is that the software processing the bytes will often happily allow things to happen that would generally be considered undesirable (e.g. sending spam).

      In my view, the problem of malware is so persistent, because the vast majority of software vendors have an insecure by default approach. Software is develope

  • Flash? (Score:2, Insightful)

    by unkaggregate (855265)

    The reason why the answer is no is because of hybrid document attack techniques. TT explained that in the hybrid document exploit a Flash file is embedded in Excel or Word document.

    Ok Microsoft... why the hell are you allowing Flash inside Word and Excel documents in the first place?!?

    • by game kid (805301)

      How else do you want Microsoft to support future printable YouTube videos that play right on the paper when you touch them with a pen?

    • Ok Microsoft... why the hell are you allowing Flash inside Word and Excel documents in the first place?!?

      Because exploits, um, I mean macros via JavaScript & HTML5 [slashdot.org] won't be available until Office 15.

  • by Anonymous Coward

    Yes... THAT YOU KNOW ABOUT - of course, if you know about them, they're not zero-day vulnerabilities.

    What a load of crap. YES there are, probably, vulnerabilities that you don't know about (I.E. zero-day vulnerabilities). NO you can't EVER say "there are no 0 day vulnerabilities", because if there are, you won't know about them until you find them! Who the fuck wrote that, anyway? A 0-day vulnerability is a vulnerability that you DON'T KNOW EXISTS.

    Anyone who THINKS that there are no zero-day vulnerabilities

"Floggings will continue until morale improves." -- anonymous flyer being distributed at Exxon USA

Working...