Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Hello sir, I Just Sent You A PDF.. Can You Open It and Tell Me How Many Pages There Are?

with 5 comments

As Overheard From Two Bearded *NIX Masters

This morning I happened to overhear a phone call, and the conversation it spurred, that, once all was said and done, had me thinking "WTF?" The call came in to a *NIX admin, who was asked by the salesman on the line to verify the number of pages in a PDF file the salesman had just sent him.

*blink*

Uhh, say what? The admin did not go for it and was not willing to give out much information to the caller, but after they had hung up I asked some pertinent questions about the call and just what the caller wanted from him. His response was that this had happened before on a few occasions and that he was just not interested in doing the dance with the sales rep at this time….

I was amazed at a few things in this exchange and immediately went into attack mode thinking as to what I had just witnessed and heard.

Uhhh Say WHAT? Sounds Like You Were Being Socially Engineered!

I informed the *NIX admin that this was really sounding like a social engineering exploit and asked how many times it had happened and when (recently?) the trend had begun. He came back with a statement that took me aback again:

“Yeah, well I really don’t care so much because I am running Linux on this box.. So the exploit would not work”

*blink blink —>head—desk*

"Sure, you are running Linux, but that does not preclude the exploit being something else that would work on a *NIX system" was what was screaming through my head here. This guy is no slouch and neither is the other admin, but both pretty much had the same blasé attitude about it. Though they did admit, after I told them, that it sounded like a new script for an old SE attack, they still seemed unfazed.

My response to all of this was to immediately dash off a communiqué to the C-levels explaining the potential exploit, and to wonder just how many other people in the company were potentially being asked to open .pdf files on their Windows systems with Adobe Reader and compromising themselves! Needless to say, this was going to have to be a learning experience on more than a few levels, and actions would have to be taken to alert the masses and gently remind them about the problems of SE in the wild.

…. Even for the likes of the *NIX admins who think they are immune to such puny attacks.. PFFT Windows *said like it was a social disease*

Situational Awareness

This is a teaching moment and I think that this is something that many companies need to pay attention to today. After all, how many systems have been breached of late and thousands upon thousands of email addresses released to the masses? How many of those have in fact fallen into the hands of the phishers out there? What's more, how many of those addresses of late have been for military or military/government-affiliated people who are high value targets for APT activities?

Generally, people just aren't thinking all that much when they get these calls. Sure, we tell them that nobody should ever be asking them for their passwords, and we cover some of the low-hanging-fruit attacks of old, but now this..

Open this file would you? Tell me how many pages it has to verify that you got it would you?

Wow, how many people are falling for this one? Even if it is just a sales rep, this is clearly an SE tactic in the hands of a sales person to keep the mark on the phone, right? What has the world come to now that the sales teams are blatantly using SE tactics on the phone? What's more, in this day and age of all the hacking going on and worries about industrial espionage, just how many workers are falling for it? The file is not a document to them, it is a favour for a friendly voice, and the favour is "run whatever is inside this on your desktop".

Never mind them just opening up the files willy nilly when they get them anyway, right?
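As an added example (mine, not part of the original post): a small Python triage script that answers the "how many pages?" question without handing the file to a reader at all, and flags the features that make a PDF worth refusing to open. It works on the raw bytes with regular expressions, so it assumes an uncompressed page tree; the sample PDF below is constructed for the example and is not a file from the call described above.

```python
import re

# Constructed sample for this example (not a file from the post): a minimal
# two-page PDF whose catalog carries an /OpenAction that runs JavaScript the
# moment a full reader opens it.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 5 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R 4 0 R] /Count 2 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj
4 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj
5 0 obj << /S /JavaScript /JS (app.alert('hi')) >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# Name keys that mean "this document does something when opened": scripts,
# open/additional actions, launching external programs, embedded files.
RISKY_KEYS = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA",
              b"/Launch", b"/EmbeddedFile", b"/RichMedia")


def normalize_names(data: bytes) -> bytes:
    """Decode #xx hex escapes inside PDF names so /J#61vaScript reads as
    /JavaScript. Cheap obfuscation like this defeats a naive string grep."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), data)


def count_pages(data: bytes) -> int:
    """Count leaf page objects (/Type /Page, not /Pages) straight from the
    object dictionaries; no rendering engine, so nothing in the file runs."""
    return len(re.findall(rb"/Type\s*/Page\b", data))


def declared_pages(data: bytes) -> int:
    """Largest /Count in any /Pages node, i.e. what the page tree root
    claims. A mismatch with count_pages() is itself worth a second look."""
    counts = []
    for node in re.findall(rb"<<[^<>]*?/Type\s*/Pages\b[^<>]*?>>", data):
        m = re.search(rb"/Count\s+(\d+)", node)
        if m:
            counts.append(int(m.group(1)))
    return max(counts) if counts else 0


def triage(data: bytes) -> dict:
    """Static triage of a PDF: page counts plus the active-content keys seen.
    'opaque' is set when object streams (/ObjStm) are present: their contents
    are compressed, so a raw scan like this cannot see everything inside."""
    data = normalize_names(data)
    return {
        "pages": count_pages(data),
        "declared": declared_pages(data),
        "risky": [k.decode() for k in RISKY_KEYS
                  if re.search(re.escape(k) + rb"\b", data)],
        "opaque": b"/ObjStm" in data,
    }


if __name__ == "__main__":
    # For the constructed sample this reports 2 pages and flags
    # /JavaScript, /JS and /OpenAction: a file nobody should "just open".
    print(triage(SAMPLE_PDF))
```

The point of the exercise is the order of operations: inspect first, open never, if the inspection turns up an /OpenAction, /JavaScript or /Launch. Anything marked opaque (object streams) or encrypted needs a real parser or a sandbox rather than this grep; Didier Stevens' pdfid.py does the same key-counting far more thoroughly and is the tool to reach for in practice.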

Situational awareness should be a KEY part of any company's security program and should be ever present if you really mean to protect your assets. Of course, some could make this sound like a police state in corporate environments that want to be all touchy-feely today (the "best places to work" kind of thing), so being so dialled in to security issues like SE attacks might be seen as more Big Brother and paranoid than a real boon. I think there is a middle path to tread here, and any security program should be cognisant of this issue as well as proactive in teaching employees how not to be so easily manipulated.

Though, as a rule today, I think we as a society are not as "situationally aware" as we should be.. But that is for another day…

As They Say.. “There Is No Patch For Human Stupidity”

There is a bumper sticker that I have seen at the cons that makes the statement "There is no patch for human stupidity". I would like to change that to "There is no patch for human nature". What some see as stupidity is just human nature. I have written a few times in the past about my POV on this. People no longer live on the savannah and no longer have to worry about the lion in the grass. So we, as a species, have lost our ability to really sense danger and to listen to the little voice that we all have…

We instead might think we are just being paranoid… Well, there's another phrase that you should be acquainted with:

“Just because I am paranoid doesn’t mean that they aren’t out to get me”

People generally want to be helpful and can empathise with others. This is a main characteristic of our makeup and something that can be lauded. However, it can also be exploited to the extreme by those who have more "moral flexibility" than others, let's say. So this will always be a problem, and it should take a solid place in your security program… It's just getting the C-levels to understand and react..

That’s the key.

Anyway, pay attention folks. This SE exploit may be coming to you soon.. Or already is.

Happy Buffer Overflows!

Now, I have to write some more tutorials and re-program some *NIX beardy types…

K.

Written by Krypt3ia

2012/01/12 at 18:51

5 Responses


  1. Where is the rest of the story? Did you trace back the number? Call them back? Was there anything malicious about the PDF? Can’t leave a cliff-hanger like that!

    mubix

    2012/01/13 at 03:32

  2. Haha I was too much in shock about the *NIX masters not caring that I just let it go and wrote up an alert to send out to the masses. Maybe if they call again…

    Krypt3ia

    2012/01/13 at 12:16

  3. Sorry, just curious if you could explain the significance of opening a PDF?

    Herp

    2012/01/16 at 15:59

  4. Derp, if you have to ask, there is no reason I should tell you.

    Krypt3ia

    2012/01/17 at 20:05
