[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Vulnerability discloses PIN used in Microsoft Excel secure printing
- To: "Cal Leeming [Simplicity Media Ltd]" <cal.leeming@xxxxxxxxxxxxxxxxxxxxxxxx>, Ed Murphy <ed.b.murphy@xxxxxxxxx>
- Subject: Re: [Full-disclosure] Vulnerability discloses PIN used in Microsoft Excel secure printing
- From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
- Date: Mon, 31 Jan 2011 15:36:08 +0000
Yes, it comes in very handy for those who need to ensure that the documents
they placed on open shares be held at the printer for security.
I love this part: "The adversary can then either print two copies of the
victim's file and leave
one on the printer for the victim, or print one copy of the victim's file and
photocopy it before
leaving the original on the printer for the victim, or print one copy of the
victim's file and take it
resulting in the victim thinking that perhaps they didn't click the print icon
after all."
They forgot to add "Or, the attacker could open the spreadsheet from the
share." LOL
t
From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx
[mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf Of Cal Leeming
[Simplicity Media Ltd]
Sent: Monday, January 31, 2011 6:19 AM
To: Ed Murphy
Cc: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Vulnerability discloses PIN used in Microsoft
Excel secure printing
Wtf, I've never heard heard of a 'secure' print :S
On Mon, Jan 31, 2011 at 8:01 AM, Ed Murphy <ed.b.murphy@xxxxxxxxx> wrote:
Hello list,
Stumbled across this today. It appears Excel spreadsheets store
printer information including the PIN you might use when trying to do
a "secure" print.
http://insecureprinting.com/Microsoft_Excel_Spreadsheets_Expose_User_PIN_Used_for_Confidential_Secure_Printing.pdf
The paper is quite thorough and shows that in most cases the PIN is
stored in clear text in the spreadsheet, though some printer vendors
try to obfuscate the PIN (though not very successfully).
Thanks,
Ed
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/