Seriously? I know a worry proof method. NO ONE CAN HACK PAST IT! Snail Mail me a copy :P
Though seriously, I would agree with the general un-spoken rule. Hack not they brethern, but use condoms regardless. On Mon, Nov 22, 2010 at 2:07 PM, <[email protected]> wrote: > > >> If you can own anyone reading this list with a PDF exploit then they > >> deserve it! > >> > >> Robin > > > > I think this is a little unfair; how do you not get owned using Adobe > > Acrobat? > > > > I had a hard time writing up a mitigation recommendation for a customer > > recently. I owned the network with a HSRP MITM attack, followed by > > Ettercap+etterfilter injection to serve up malicious PDF's in 1x1 > > iframes*. The attack went great, but then I had to tell the customer > > what to do differently to prevent them from being compromised through > > Adobe Acrobat in the future. > > > > I don't believe Foxit Reader isn't in a better position than Adobe > > Acrobat reader from a security perspective. Online PDF rendering > > options returning funky JS+AJAX images wouldn't work due to the > > sensitive nature of the PDF content. I ended up recommending the use of > > Adobe Acrobat with the Microsoft Mitigation Experience Toolkit, but I > > thought that was kinda lame too. > > > > What recommendations are people making to customers who get owned > > through PDF exploits but require a local PDF reader? > > > > Thanks, > > > > -Josh > > > > * Ettercap+etterfilter, HSRP/VRRP exploits and more are all labs in the > > new SANS course I contributed to, Advanced Penetration Testing, Exploits > > and Ethical Hacking - http://bit.ly/aOwAnB > > Hot on the heels of your question, Adobe has released Acrobat/Reader "X". > There is a nice series of articles here: > http://blogs.adobe.com/asset/2010/11/adobe-reader-x-is-here.html . > Protected mode is by no means a "cure all", but it does look like a step > in the right direction. > > On a separate but related note, what did you tell this customer about > mitigating malicious iframes? It seems to me that your attack vector ( > malicious iframes) is/was the real issue here and that the vulnerable > application (Acrobat) is probably one of several you could taken advantage > of. > > -- > byte_bucket > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
