Archive | July 16, 2006

PowerPoint Zero-Day Vulnerability in the Wild

Slashdot post: PowerPoint ZeroDay Vulnerability Exploited. “whitehatlurker writes to mention a WashingtonPost.com article about another unpatched flaw with Microsoft Office. The bug, part of the PowerPoint software, has already been used in the wild, and may be connected to an industrial espionage case.”

1. Never EVER open an untrusted document, whether it is Word or PowerPoint or a PDF or a video.

2. There are no trusted documents.

What #2 means is that whenever a document arrives appearing to be from a friend or a co-worker, you should always confirm that it really is from them. Most of the time, you've had a conversation in advance. Social engineering works by making you think that a document is part of a normal exchange. If Bob in accounting sends a nondescript “check this out” message with an attachment that appears to be a spreadsheet, it's worth taking a couple of seconds to verify it's really from him. Malware steals other people's email address books, so the mail could appear quite legitimate.

This work by Ted Roche is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 United States.