There are certainly some PDF capabilities that would meet this criteria but it is not transparent to the end-user. One example is official electronic transcripts. In order to view the file the PDF calls home to the certificate server and makes sure the document has
not reached the maximum viewing limit, there may be other possible restrictions or checks it can do at the same time as well. It could be presented to the end-user as an authenticity mechanism ensuring you view the verified original content, rather than a "call-home" mechanism. On Mon, Sep 21, 2009 at 7:47 AM, Allen Deryke <[email protected]>wrote: > I admit, it does take some social engineering for both cases to work. > > You just need to make the webcontent seem critical to the message. In an > email a sentence like "your new acess code is:" followed by you bugged > image. > > Have it set up so that if the macro isn't run make the excel data seem > invalid, mess with formating ect. > > -- Allen Deryke > > On Sep 21, 2009, at 10:33 AM, Adrian Crenshaw <[email protected]> > wrote: > > I've done the webbugs in emails before, the problem is anymore most email > clients seem to turn off image loading by default. > > Adrian > > On Mon, Sep 21, 2009 at 10:07 AM, Allen Deryke <<[email protected]> > [email protected]> wrote: > >> Yeah, but excel prompts about this stuff so much that most people would >> just click "ok". >> >> Also links to external images in emails or docs is a great way to pull >> this off. >> >> -- Allen Deryke >> >> On Sep 21, 2009, at 9:47 AM, Adrian Crenshaw < <[email protected]> >> [email protected]> wrote: >> >> But would that illicit a warning? >> >> Adrian >> >> On Mon, Sep 21, 2009 at 3:23 AM, Dimitrios Kapsalis >> <<[email protected]><[email protected]> >> [email protected]> wrote: >> >>> The only way I can think of this occuring in a word doc is to write a >>> macro. >>> >>> The macro can just ping your box, this should be enough to get the IP. >>> >>> On Mon, Sep 21, 2009 at 2:56 AM, Andrew Ellis < >>> <[email protected]><[email protected]> >>> [email protected]> wrote: >>> >>>> You could add a tab to firefox's default tabs (the ones it loads on a >>>> new session) that points to a webserver you control. Eventually, the >>>> stolen laptop's new user will open firefox anew and you'll have the >>>> new IP. Obviously if the person stealing your box mounts the drive >>>> rather than logging in, this won't help. >>>> >>>> -andrew >>>> >>>> On Sun, Sep 20, 2009 at 3:49 PM, Adrian Crenshaw >>>> <<[email protected]><[email protected]> >>>> [email protected]> wrote: >>>> > I recently had a conversation with an author about webbugs, and it >>>> brought >>>> > another idea to mind. I seem to remember John Strand saying something >>>> about >>>> > Val Smith doing something with detecting insider threats by leaking a >>>> > document and seeing who opens it. (sorry I can't remember more). >>>> > >>>> > Here is the question, anyone know how to make a doc/docx/pdf load >>>> something >>>> > from an external site so you can at least find the ip of someone who >>>> opened >>>> > the document? >>>> > >>>> > Thanks, >>>> > Adrian >>>> > >>>> > _______________________________________________ >>>> > Pauldotcom mailing list >>>> > <[email protected]> <[email protected]> >>>> [email protected] >>>> > <http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom><http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom> >>>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >>>> > Main Web Site: <http://pauldotcom.com/> <http://pauldotcom.com> >>>> http://pauldotcom.com >>>> > >>>> >>>> >>>> >>>> -- >>>> Andrew Ellis >>>> <http://www.samurainet.org/blog> <http://www.samurainet.org/blog> >>>> http://www.samurainet.org/blog >>>> _______________________________________________ >>>> Pauldotcom mailing list >>>> <[email protected]> <[email protected]> >>>> [email protected] >>>> >>>> <http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom><http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom> >>>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >>>> Main Web Site: <http://pauldotcom.com/> <http://pauldotcom.com> >>>> http://pauldotcom.com >>>> >>> >>> >>> _______________________________________________ >>> Pauldotcom mailing list >>> <[email protected]> <[email protected]> >>> [email protected] >>> >>> <http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom><http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom> >>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >>> Main Web Site: <http://pauldotcom.com> <http://pauldotcom.com> >>> http://pauldotcom.com >>> >> >> _______________________________________________ >> Pauldotcom mailing list >> <[email protected]>[email protected] >> <http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom> >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> Main Web Site: <http://pauldotcom.com> <http://pauldotcom.com> >> http://pauldotcom.com >> >> >> _______________________________________________ >> Pauldotcom mailing list >> <[email protected]>[email protected] >> <http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom> >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> Main Web Site: <http://pauldotcom.com>http://pauldotcom.com >> > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: <http://pauldotcom.com>http://pauldotcom.com > > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
