Re: [Full-Disclosure] OT: Tool for sanitizing MS office documents?
From: Ron DuFresne (dufresne_at_winternet.com)
Date: 01/31/05
- Previous message: Thierry Carrez: "[ GLSA 200501-44 ] ncpfs: Multiple vulnerabilities"
- In reply to: Florian Weimer: "Re: [Full-Disclosure] OT: Tool for sanitizing MS office documents?"
- Next in thread: Soderland, Craig: "RE: [Full-Disclosure] OT: Tool for sanitizing MS office documents?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 31 Jan 2005 11:51:01 -0600 (CST) To: Florian Weimer <fw@deneb.enyo.de>
Ahh, and we found one of the original posts;;
From: Michal Zalewski <lcamtuf@ghettot.org>
Subject: [Full-Disclosure] Automated metadata recovery for document
collections (tool release)
Cc: pentest@securityfocus.com
Date: Sat, 3 Apr 2004 17:18:49 +0200 (CEST)
To: full-disclosure@netsys.com
Hi,
After my short write-up on results of automated change tracking data
recovery for Microsoft Word documents found at microsoft.com [1], I've
received a couple of inquiries from pen-testers who asked me about the
tool I used to find the data, and stated that something like this would be
a good addition to their everyday testing methodology.
A beta version of the tool to automatically detect and index change
tracking information in a collection of Word documents published on a
website (or stored on disk, mounted via SMB/NFS, etc) is now available for
download:
http://lcamtuf.coredump.cx/soft/therev.tgz
If there is enough interest, I'll try to maintain this tool and add
options to gather all other types of security-relevant metadata (such as
usernames, MAC addresses and whatnot) as well.
Regards,
mz
[1] http://lcamtuf.coredump.cx/strikeout/
This moight be the tools originally requested.
Thanks,
Ron DuFresne
On Mon, 31 Jan 2005, Florian Weimer wrote:
> * Clement Dupuis:
>
> > This is why so many companies have adopted the PDF format for document
> > exchange. What you see is what it is, no hidden code or revision bits.
>
> This view is a bit too simplistic. PDF files can contain layers, and
> the text that is nicely covered by those black rectangle may still be
> present in the document.
>
> In general, PDF documents are not too bad an idea, though. At least
> it avoids the embarrassment of embedded OLE objects which contain far
> more information that is actually visible in the parent document (and
> I don't think Microsoft's tool addresses this because it would
> castrate the document).
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
--
"Sometimes you get the blues because your baby leaves you. Sometimes you get'em
'cause she comes back." --B.B. King
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Previous message: Thierry Carrez: "[ GLSA 200501-44 ] ncpfs: Multiple vulnerabilities"
- In reply to: Florian Weimer: "Re: [Full-Disclosure] OT: Tool for sanitizing MS office documents?"
- Next in thread: Soderland, Craig: "RE: [Full-Disclosure] OT: Tool for sanitizing MS office documents?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
