[Pauldotcom] Advice on doc format to see for review to securityfolks
d4ncingd4n at gmail.com
Tue Nov 16 19:15:37 UTC 2010
Agreed. In addition to the usual best practices of different trust domains/segmentation, patching, disabling JavaScript and the opening of non-PDF documents within Acrobat, etc., I would recommend not overlooking the last three layers of defense-in-depth: good luck charms, prayer, and a good incident response plan.
Bart
Sent from my Verizon Wireless BlackBerry
-----Original Message-----
From: Kevin Shaw <kevin.lee.shaw at gmail.com>
Date: Tue, 16 Nov 2010 13:03:06
To: PaulDotCom Security Weekly Mailing List<pauldotcom at mail.pauldotcom.com>
Cc: d4ncingd4n at gmail.com<d4ncingd4n at gmail.com>
Subject: Re: [Pauldotcom] Advice on doc format to see for review to securityfolks
Is the document viewer on (most) Linux distributions any safer? I wouldn't
recommend an OS change to customers, I'm just curious.
My tactic with these problems is to emphasize user education and safer
browsing as well as 'vetting' where they're getting documents from. I also
encourage digital signatures and "workflow" style document control if the
environment has that many documents, especially PDFs.
On Nov 16, 2010 12:32 PM, "Butturini, Russell" <Russell.Butturini at healthways.com> wrote:
> Yeah me too...I take no shame in being 0wned by the great Irongeek! :-)
>
> -----Original Message-----
> From: pauldotcom-bounces at mail.pauldotcom.com [mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of d4ncingd4n at gmail.com
> Sent: Tuesday, November 16, 2010 9:44 AM
> To: PaulDotCom Security Weekly Mailing List
> Subject: Re: [Pauldotcom] Advice on doc format to see for review to securityfolks
>
> Use whatever format you like (except silverlight <grin>). I am fairly
> paranoid and open documents in different "trust zones" regardless of who
> sends it. I have gotten pwned in the past by people I trusted, not because of
> them being untrustworthy but because they were pwned also. I just assume
> anything can be infected now. Also, you can still be a victim of goatse in
> ASCII. ;)
>
> Anytime you want someone to review something let me know. If I don't have
> other pending commitments, I'll look it over.
>
> Bart
>
>
> Sent from my Verizon Wireless BlackBerry
>
> -----Original Message-----
> From: Adrian Crenshaw <irongeek at irongeek.com>
> Sender: pauldotcom-bounces at mail.pauldotcom.com
> Date: Tue, 16 Nov 2010 09:09:14
> To: PaulDotCom Security Weekly Mailing List<pauldotcom at mail.pauldotcom.com>
> Reply-To: PaulDotCom Security Weekly Mailing List
> <pauldotcom at mail.pauldotcom.com>
> Subject: [Pauldotcom] Advice on doc format to see for review to securityfolks
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com