Yes, it comes in very handy for those who need to ensure that the documents they placed on open shares be held at the printer for security.
I love this part: "The adversary can then either print two copies of the victim's file and leave one on the printer for the victim, or print one copy of the victim's file and photocopy it before leaving the original on the printer for the victim, or print one copy of the victim's file and take it resulting in the victim thinking that perhaps they didn't click the print icon after all." They forgot to add "Or, the attacker could open the spreadsheet from the share." LOL t From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Cal Leeming [Simplicity Media Ltd] Sent: Monday, January 31, 2011 6:19 AM To: Ed Murphy Cc: full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] Vulnerability discloses PIN used in Microsoft Excel secure printing Wtf, I've never heard heard of a 'secure' print :S On Mon, Jan 31, 2011 at 8:01 AM, Ed Murphy <ed.b.mur...@gmail.com> wrote: Hello list, Stumbled across this today. It appears Excel spreadsheets store printer information including the PIN you might use when trying to do a "secure" print. http://insecureprinting.com/Microsoft_Excel_Spreadsheets_Expose_User_PIN_Used_for_Confidential_Secure_Printing.pdf The paper is quite thorough and shows that in most cases the PIN is stored in clear text in the spreadsheet, though some printer vendors try to obfuscate the PIN (though not very successfully). Thanks, Ed _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
