
New Bug in Popular MS Word 2002
In early July '08, Microsoft and anti-virus maker Symantec revealed
that a popular PC word processing program contains an unpatched bug,
rendering the program open to savvy hackers. The affected program,
Microsoft Office Word 2002 Service Pack 3, has been victim to
"attacks attempting to use the reported vulnerability," according
to a blog posting by a Microsoft spokesman.
The hack installs a Trojan horse program which logs keystrokes
in order to steal passwords. Over the past few years
hackers have found a large number of bugs in Microsoft's Office
software that enable them to insert malicious code
that affords control and/or data (keystroke, etc.) retrieval. Microsoft apparently
has no immediate plans to issue a bug patch but instead has published a set
of 'workarounds'. The Microsoft advisory recommended
that users use Word 2003 Viewer to open and view Word files.
Symantec's antivirus software has been updated to detect
the attack, but they suggest the best defense is
to avoid opening unsolicited Word documents.
For the record, Microsoft Office Word, Microsoft Office Word Viewer,
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007
File Formats,
and Microsoft Office for Mac are not affected.
Some general defenses against infections include:
• Don't open attachments unless you are expecting them.
• Don't execute program software that is downloaded
from the Internet unless it has been scanned for viruses.
Remember, just visiting a compromised Web site can
cause an infection if certain browser vulnerabilities are not patched.
• If possible, configure your email server to block or remove email that
contains file attachments that are commonly used to spread viruses, such
as .vbs, .bat, .exe, .pif and .scr files.
• Finally, ALWAYS keep your patch levels up-to-date,
especially on computers that are accessible through a firewall, such as
those running HTTP, FTP, mail, and DNS services.
Additionally, all Windows-based computers should have the current Service
Pack installed.
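As an added illustration of the email attachment rule in the list above (this example is not part of the original article), the Python sketch below strips attachments with the listed extensions from a message. It assumes a filter hook that receives the raw message bytes; the addresses, filenames and attachment contents are constructed sample values.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions named in the list above.
BLOCKED_EXTENSIONS = (".vbs", ".bat", ".exe", ".pif", ".scr")

def blocked_extension(filename):
    """Return the blocked extension a filename ends in, or None."""
    # Compare case-insensitively and ignore trailing dots/spaces, which
    # Windows drops when the file is saved ("setup.exe." becomes "setup.exe").
    name = filename.strip().rstrip(". ").lower()
    for ext in BLOCKED_EXTENSIONS:
        if name.endswith(ext):
            return ext
    return None

def strip_blocked_attachments(raw_bytes):
    """Remove blocked attachments; return (filtered message, removed names)."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    removed = []
    for part in list(msg.walk()):
        filename = part.get_filename()  # handles RFC 2231 encoded names
        if filename and blocked_extension(filename):
            removed.append(filename)
            part.clear_content()  # drop the payload and Content-* headers
            part.set_content(f"[attachment {filename!r} removed by mail filter]")
    return msg, removed

def build_sample():
    """Constructed test message: one harmless and two blocked attachments."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = "Invoice"
    m.set_content("See attached.")
    m.add_attachment(b"constructed bytes", maintype="application",
                     subtype="octet-stream", filename="invoice.doc.scr")
    m.add_attachment("plain notes", filename="notes.txt")
    m.add_attachment(b"constructed bytes", maintype="application",
                     subtype="octet-stream", filename="Setup.EXE")
    return bytes(m)

if __name__ == "__main__":
    filtered, removed = strip_blocked_attachments(build_sample())
    print("removed:", removed)
    print("kept:", [p.get_filename() for p in filtered.walk() if p.get_filename()])
```

The check keys on the final extension, so a double-extension name such as invoice.doc.scr is still caught; it does not inspect file contents, so a renamed executable needs content scanning as well.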

Controlling Your On-line Security
Your best online defense is not necessarily your hardware but
your frame of mind.
While the great majority of identity
theft occurs through people rummaging through your trash
for credit card offers, or sales clerks making a copy of
your credit card for themselves, there are those that skim
information off the internet using techniques such as 'packet
sniffing'.
If you're buying from an internet merchant
(and who doesn't these days!) be sure that when you get
to the 'checkout' area the merchant is using a
secure server. The clue is that the URL in your web
browser will start with the letters
'https'; that 's' at the end indicates the server (and
your transaction stream) is secured through an
encryption process.
Additionally, some experts recommend that
you not leave credit card information stored for future
use at the sites you buy from; based on past experience
they are at some risk for theft or disclosure.
It's been said before but it always bears
repeating: use long alphanumeric passwords for important
websites, like banks... and guard them closely.
And let's not forget about email. Email can deliver a virus or trojan through
attachments, or 'phish' for information freely given.
A good example of phishing comes as this
is being written - the IRS warns of an official looking
online 'satisfaction survey'. With the official look and
the promise of an $80 award, people are being duped into releasing
sensitive personal information. The clue is in the return
address embedded in the email header; the IRS says it never
initiates contact with you through e-mail.
And of course, there's the hard luck pitch.
Typically the hard luck pitch is a plea
from folks in faraway Nigeria, complete with a hard luck
story; a death in the family and millions of US dollars
that need to be transferred from one bank to another...
and won't you help them in exchange for a percentage of
the funds?
I know it's hard to believe, but honest
folks actually respond to these, and often get caught up
'holding the bag' (and fiscal responsibility) by passing
phony travelers checks. The old saying comes to mind; "If
it sounds too good to be true...".
Your choice of operating systems also
can determine just how vigilant you must be.
Windows, by its very nature, is quite susceptible to outside influences that
can do several malicious things, including retrieving passwords or sending information
back over the internet without your knowledge. Such malware or spyware can often
be detected by anti-virus software, but it's essential to update such programs
on a frequent basis. Windows also suffers security holes because it is adapted
to run on hardware made by a wide variety of makers, and thus Microsoft loses
control of an important part of the equation.
Macintosh's current operating system,
OS X, works on an entirely different premise than Windows,
and additionally, all the computers that run OS X are made
by one maker - Apple. While developers have identified
potential security loopholes, there have been very few, if any,
successful 'hacks' into the OS. In fact, while there are
a number of anti-virus programs for Windows machines, there
is only one for the Mac.
It is important to note that the current
crop of Macs can run Windows at the same time they are running
the Mac OS - effectively giving the user the best(?) of
both worlds... and potentially, the worst of Windows. Mac
users running Windows on their machines must also run an
anti-virus program to protect the Windows side from vulnerabilities!
