Black Hat Talk Demonstrates New Document Exploits - Slashdot

Follow Slashdot stories on Twitter

×

Black Hat Talk Demonstrates New Document Exploits 60

Posted by timothy on Saturday August 06, 2011 @03:38PM from the send-you-this-file-in-order-to-have-your-advice dept.

darthcamaro writes "Remember the days of the viruses embedded in email attachments? They're coming back, according to a pair of researcher talking at Black Hat this week: '"If you have installed all Microsoft Office patches and there are no 0 day vulnerabilities, will it be safe to open a Word or Excel document?" TT asked the audience. "The answer is no."'"

This discussion has been archived. No new comments can be posted.

Black Hat Talk Demonstrates New Document Exploits

Search 60 Comments Log In/Create an Account

Comments Filter:

Is this really news? (Score:3, Insightful)

by Anonymous Coward writes: on Saturday August 06, 2011 @03:45PM (#37009616)

Anybody worth their salt knows that any attachment can be dangerous. You can hide all sorts of things in them. Especially for files that allow arbitrary things to be embedded in them, like Word documents.

Share
twitter facebook
In other news... (Score:2, Insightful)

by girlintraining ( 1395911 ) writes: on Saturday August 06, 2011 @03:59PM (#37009740)

In other news, embedding executable code into data files still considered stupid. Researchers continue to emphasize that executable code should only exist in (wait for it) -- executable files!
Now, we all understand that Intel and Microsoft had drunken money sex one evening and out of that relationship DOS was born... a retarded child that couldn't tell the difference between its food (the data) and the plate (executable code), and regularly ate both.
I'm just wondering why we're still entertaining this 'precious snowflake' and it's plate-eating habits twenty years on. Didn't we learn from the retarded kid that isolating data from executable code from the hardware level up was the Right Thing?

Share
twitter facebook
Flash? (Score:2, Insightful)

by unkaggregate ( 855265 ) writes: on Saturday August 06, 2011 @04:22PM (#37009894) Homepage

The reason why the answer is no is because of hybrid document attack techniques. TT explained that in the hybrid document exploit a Flash file is embedded in Excel or Word document.
Ok Microsoft... why the hell are you allowing Flash inside Word and Excel documents in the first place?!?

Share
twitter facebook
"and there are no 0 day vulnerabilities" (Score:2, Insightful)

by Anonymous Coward writes: on Saturday August 06, 2011 @07:01PM (#37010738)

Yes... THAT YOU KNOW ABOUT - of course, if you know about them, they're not zero-day vulnerabilities.
What a load of crap. YES there are, probably, vulnerabilities that you don't know about (I.E. zero-day vulnerabilities). NO you can't EVER say "there are no 0 day vulnerabilities", because if there are, you won't know about them until you find them! Who the fuck wrote that, anyway? A 0-day vulnerability is a vulnerability that you DON'T KNOW EXISTS.
Anyone who THINKS that there are no zero-day vulnerabilities is, statistically speaking, WRONG. There are. And therefore, yes:
If you have installed all Microsoft Office patches ... will it be safe to open a Word or Excel document? ... The answer is no.
Because a Word or Excel document could always exploit a vulnerability that you DON'T KNOW ABOUT.
That's sort of the whole fucking point, right?

Share
twitter facebook

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Related Links Top of the: day, week, month.

390 comments32-Hour Workweek for America Proposed by Senator Bernie Sanders
358 commentsWhat Should Happen to Empty Downtown Office Spaces?
340 commentsHacktivism Erupts In Response To Hamas-Israel War
324 comments'Feedback' Is Now Too Harsh. The New Word is 'Feedforward'
248 commentsWorkers are Resisting Calls to Return to Offices

There are two ways to write error-free programs; only the third one works.