Threat Level: green Handler on Duty: Daniel Wesemann

SANS ISC InfoSec Handlers Diary Blog



Cyber Security Awareness Month - Day 26 - Sharing Office Files

Published: 2010-10-26
Last Updated: 2010-10-27 12:47:14 UTC
by Pedro Bueno (Version: 1)
7 comment(s)


Today's CSAM topic is Sharing Office Files.


There are several points to pay attention to when doing this.

1) Sharing inside the company.

Most companies have shared drives where people store documents that can be accessed by
one or several groups.

It is very important that you know who is on the list of Trusted people that can access those documents.

It is also necessary that the shares are included in the anti-virus scans and the backup process.

If you are not using a shared drive but a web-based internal service like MS SharePoint, the same check
should be done on its access control.

Sharing internal documents through external providers such as Google Docs or online file servers may be a
risk and is very likely an internal policy violation, even if they provide some level of authentication, so those should
be avoided at all costs.

2) Sharing Outside the company


Sometimes we need to share documents with a third party, and this can be a difficult task when it comes to security.

When you are not able to use some kind of public/private key encryption method for the email exchange,
what I recommend is to use a common key and compress the file with a strong crypto algorithm such as AES.

Most compressors, like WinZip, WinRAR and 7-Zip, offer this option, so in this way you can ensure that even if the
email or file falls into the wrong hands, they may not be able to open the document.

3) Sharing inside the company with removable drives


Sometimes we need to share a document inside the company via removable drives.

At this point you can't really trust what is inside the thumb drive besides the document you need, and today it is very
common to find malware on them that will execute via the Windows Autorun feature.

If your IT policy allows, you should really disable this feature.

One thing that I usually do is check them on my Linux box and remove the autorun.inf file before inserting them into my
Windows box.
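
The check described above can be scripted. The following is an added example, not code from the original diary: it looks for autorun.inf in the root of a drive mounted on a Linux box, lists the entries that would launch a program, and renames the file instead of deleting it so it can still be analyzed. The function names, the `.quarantined` suffix and the sample file contents are assumptions made for this example.

```python
import re
import tempfile
from pathlib import Path

# Keys in the [autorun] section that make Windows start a program.
LAUNCH_KEY = re.compile(r"^\s*(open|shellexecute|shell\\[^=]*\\command)\s*=\s*(.+?)\s*$", re.I)

def find_autorun(mount: Path) -> list[Path]:
    """Return autorun.inf files in the drive root (file name matched case-insensitively)."""
    return [p for p in mount.iterdir() if p.is_file() and p.name.lower() == "autorun.inf"]

def launch_targets(inf: Path) -> list[tuple[str, str]]:
    """Return (key, command) pairs from the [autorun] section that would start a program."""
    raw = inf.read_bytes()
    # The file may be UTF-16 with a BOM; otherwise decode byte-for-byte as Latin-1.
    text = raw.decode("utf-16") if raw[:2] in (b"\xff\xfe", b"\xfe\xff") else raw.decode("latin-1")
    section, hits = "", []
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("[") and stripped.endswith("]"):
            section = stripped[1:-1].strip().lower()
        elif section == "autorun" and (m := LAUNCH_KEY.match(line)):
            hits.append((m.group(1).lower(), m.group(2)))
    return hits

def check_drive(mount: Path) -> dict[str, list[tuple[str, str]]]:
    """Report the launch entries of every autorun.inf in the root, then rename the file."""
    report = {}
    for inf in find_autorun(mount):
        report[inf.name] = launch_targets(inf)
        inf.rename(inf.with_name(inf.name + ".quarantined"))  # Windows ignores the new name
    return report

if __name__ == "__main__":
    # Constructed sample standing in for a mounted thumb drive.
    with tempfile.TemporaryDirectory() as d:
        drive = Path(d)
        (drive / "AutoRun.inf").write_bytes(
            b"[AutoRun]\r\n;junk\r\nOpen=RECYCLER\\setup.exe\r\n"
            b"shell\\open\\Command=RECYCLER\\setup.exe\r\nicon=folder.ico\r\n")
        print(check_drive(drive))
        print(sorted(p.name for p in drive.iterdir()))
```

The programs named in the report are the files to examine on the drive before anything from it is opened on Windows.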


4) Receiving Office Documents from outside the company

When receiving documents from outside the company, those will mostly be PDF or MS Office (.DOC, .XLS, .PPT).

Sometimes they may be legit documents, sometimes they may be part of a targeted attack :) .

There are a couple of ways to check those files. Our fellow handler Lenny Zeltser put together a very nice Cheat Sheet,
called...Analyzing Malicious Documents Cheat Sheet :) You can find the PDF here ( Don't worry, it is not malicious ) :)

It contains several tools that you can use to help identify malicious documents when you don't want
to send them to external websites such as VirusTotal or Wepawet due to possible confidentiality issues.
As a last resort, create a VM image with Office and open the documents there :)

---------------------------------------------------------------------------------------------
Pedro Bueno (pbueno /%%/ isc. sans. org)

Twitter: http://twitter.com/besecure


Firefox news

Published: 2010-10-26
Last Updated: 2010-10-26 19:02:22 UTC
by Pedro Bueno (Version: 1)
6 comment(s)


So, this is not marketing or just news about Firefox. :)
The reason for this post is that Firefox is the subject of two quite interesting security-related news items.

Starting on the first one.
There is a 0day vulnerability for Firefox, including the latest version. This vulnerability is already being exploited, so beware...

The good thing is that Mozilla is quite fast on those and has already confirmed the issue and is working to get it fixed.

The second one is related to a Firefox extension released yesterday. It is called Firesheep.

In summary, it is an add-on that makes it really easy for basically anyone to hack accounts by sniffing traffic on public hotspots, such as airports, coffee shops, etc.
Hacking accounts by sniffing traffic on unsecured wifi networks is not really difficult, but until now you needed some additional steps to accomplish it; with Firesheep it is all there for you... I really recommend checking it out.

PCWorld has a good write up on it.

Thanks to the readers who pointed that out.

----------------------------------------------------------------------------------------------------

Pedro Bueno (pbueno /%%/ isc. sans. org)

Twitter: http://twitter.com/besecure

Keywords: 0day firefox hack wifi
Be (even more) careful with public hotspots. Firesheep released yesterday. Brilliant and scary.