1. 47

  2. 4

    A few lessons learned from this article.

    1. Polyglots are fun. Polyglots are a very interesting attack vector, able to attack multiple disparate applications.

    2. A quote:

    For example, I found a TXT file force-downloaded from Tor browser that, when opened, can bypass Gatekeeper and leak the real IP address of the victim without any warning. This wasn’t very straightforward though.

    This is why I use my fully Tor-ified network rather than just the Tor Browser. There’s absolutely zero chance for infoleaks when using the Tor-ified network. In this case, the OS itself is forced to leak data. The Tor-ified network protects against that.

    3. Another quote:

    After digging into OSX internals, I came across the AutoMount feature that lets file:/// urls make remote requests. AutoFS is a program on OSX that uses the kernel to make a mounting request to a drive. Automount can also make remote requests to an external drive. Doing ‘ls /net/EXAMPLE.com’ forces OSX to send a remote request to EXAMPLE.com.

    Without a whitelist, automount is incredibly dangerous. Allowing unprivileged users to automatically mount network resources unchecked is a rather huge security vulnerability. None of my systems have autofs/automount enabled for exactly this reason.

    4. These days, there aren’t many text editors that will just edit text and do nothing more. Even vim supports plugins and other features orthogonal to text editing. Even cat can trick your terminal into parsing special characters and doing funny things.

    As security researchers, we’re left with dumping the contents of the file with a simple hex editor and parsing each hex character ourselves. That is, at least, if you need to be incredibly careful. Adjust these tactics according to your threat models and accepted risks.

    1. 0

      This title is so much click-bait it is offensive.

      1. 12

        I wholeheartedly disagree. I think many share the assumption that a text file opened in a text editor is harmless. Truly good research and well-explained. The title uses a different style than you prefer, but so what?
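
The /net automount that the comment thread above warns about (the map that turns `ls /net/EXAMPLE.com` into an outbound network request) can be audited and switched off with a short script. The following is an added example, not code from the article or from any commenter. It assumes the macOS automounter map format, where /etc/auto_master ships with the entry `/net -hosts -nosuid,nobrowse`, and it works on a constructed copy of that file so it runs anywhere without touching the live system map.

```shell
#!/bin/sh
# Added example (not from the linked article or any commenter): detect an
# active "/net -hosts" automount entry in an auto_master map and produce a
# hardened copy with that entry commented out.
# Assumption: the macOS map layout (/etc/auto_master, default line
# "/net -hosts -nosuid,nobrowse"). A constructed copy is used below.

# Print "enabled" and return 0 when the map has an uncommented /net line
# backed by the -hosts map; print "disabled" and return 1 otherwise.
net_automount_enabled() {
  file="$1"
  if grep -Eq '^[[:space:]]*/net[[:space:]]+-hosts' "$file"; then
    echo enabled
    return 0
  fi
  echo disabled
  return 1
}

# Write a copy of the map with every active "/net -hosts" line commented out.
# On a real system the edited /etc/auto_master would then be reloaded with
# `sudo automount -vc`; that step is deliberately not run here.
disable_net_automount() {
  src="$1"
  dst="$2"
  sed -E 's|^([[:space:]]*/net[[:space:]]+-hosts.*)$|#\1|' "$src" > "$dst"
}

# Constructed sample map mirroring a default macOS /etc/auto_master.
tmp=$(mktemp -d)
cat > "$tmp/auto_master" <<'EOF'
#
# Automounter master map
#
+auto_master        # Use directory service
/net                -hosts          -nosuid,nobrowse
/home               auto_home       -nobrowse,hidefromfinder
/Network/Servers    -fstab
/-                  -static
EOF

if net_automount_enabled "$tmp/auto_master" >/dev/null; then
  echo "/net -hosts automount is active in $tmp/auto_master; writing hardened copy"
  disable_net_automount "$tmp/auto_master" "$tmp/auto_master.hardened"
  echo "hardened copy: $(net_automount_enabled "$tmp/auto_master.hardened")"
fi
```

Run against the real file with `net_automount_enabled /etc/auto_master` to audit a Mac; the hardened copy is written to a separate path on purpose so the live map is only replaced after review.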