I admit, it does take some social engineering for both cases to work.
You just need to make the webcontent seem critical to the message. In
an email a sentence like "your new acess code is:" followed by you
bugged image.
Have it set up so that if the macro isn't run make the excel data seem
invalid, mess with formating ect.
-- Allen Deryke
On Sep 21, 2009, at 10:33 AM, Adrian Crenshaw <[email protected]>
wrote:
I've done the webbugs in emails before, the problem is anymore most
email clients seem to turn off image loading by default.
Adrian
On Mon, Sep 21, 2009 at 10:07 AM, Allen Deryke <[email protected]
> wrote:
Yeah, but excel prompts about this stuff so much that most people
would just click "ok".
Also links to external images in emails or docs is a great way to
pull this off.
-- Allen Deryke
On Sep 21, 2009, at 9:47 AM, Adrian Crenshaw <[email protected]>
wrote:
But would that illicit a warning?
Adrian
On Mon, Sep 21, 2009 at 3:23 AM, Dimitrios Kapsalis <[email protected]
> wrote:
The only way I can think of this occuring in a word doc is to write
a macro.
The macro can just ping your box, this should be enough to get the
IP.
On Mon, Sep 21, 2009 at 2:56 AM, Andrew Ellis
<[email protected]> wrote:
You could add a tab to firefox's default tabs (the ones it loads on a
new session) that points to a webserver you control. Eventually, the
stolen laptop's new user will open firefox anew and you'll have the
new IP. Obviously if the person stealing your box mounts the drive
rather than logging in, this won't help.
-andrew
On Sun, Sep 20, 2009 at 3:49 PM, Adrian Crenshaw <[email protected]
> wrote:
> I recently had a conversation with an author about webbugs, and
it brought
> another idea to mind. I seem to remember John Strand saying
something about
> Val Smith doing something with detecting insider threats by
leaking a
> document and seeing who opens it. (sorry I can't remember more).
>
> Here is the question, anyone know how to make a doc/docx/pdf load
something
> from an external site so you can at least find the ip of someone
who opened
> the document?
>
> Thanks,
> Adrian
>
> _______________________________________________
> Pauldotcom mailing list
> [email protected]
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
>
--
Andrew Ellis
http://www.samurainet.org/blog
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
