Home page logo

basics logo Security Basics mailing list archives

Re: FUD - was FAX a virus
From: "Robert Wesley McGrew" <wesley () mcgrewsecurity com>
Date: Tue, 6 Mar 2007 16:28:18 -0600

On 3/6/07, Craig Wright <cwright () bdosyd com au> wrote:

Sorry, wrong.

Apologies, I was on the train of thought of email and attachments of
images and such and thought you were asking about that.

But that's neither here nor there.  I never disagreed with your
description of how faxes work, nor with how it'll strip a document of
everything but a scanned representation of how it looks.  If that's
the final representation and usage of that image, then you're right,
it's game over for an attacker. My position is that what you do with
that scanned image after that is something that deserves some

If an organization, for the sake of automation, extracts textual data
from this image via OCR, and stores it, or uses it as input for some
process, then I feel this data should be subject to the same amount of
scrutiny and filtering as one would apply to web-based inputs.  Same
attack, different entry point.

Robert Wesley McGrew

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]