[luau] Beware of Using Word 97

Ben Beeson beesond001 at hawaii.rr.com
Sat Sep 7 23:23:01 PDT 2002


Aloha,

	A separate computer just changes the architecture of the problem; it doesn't 
fundamentally change the problem.  I believe this macro option could be used 
to facilitate an attack regardless of Internet connection because the method 
allows for information leakage.  This is because the macro virus "tool" 
essentially acts like a "wire" to the cleartext data of the victim's 
computer.  The connection to the network is irrelevant because the fact that 
the macro virus tool exists means the attack is possible.  The Internet 
architecture tends to make the mechanics of executing the attack easier, but 
a lack of Internet connection does not prevent a "sneaker net" attack from 
succeeding in leaking or compromising information via the same macro tool.  
The sneaker net transfer involves at least two media transfers just like the 
ethernet transfer does; it is just a physical transfer of media, not an 
electronic one. The file contents are the same in either case.         

	The only way to prevent the attack from succeeding is to 1) exchange 
information only with those that you can provably trust implicitly to not 
further disclose any information inadvertently leaked.  This doesn't thwart 
the attack, it just controls the spread of the information.  2) carefully 
review the contents of your electronic files to ensure only the intended info 
is transferred, or 3) don't share your information at all.  Of course, 
removing the hole in the Word program would also help.  

	For some people, safeguarding info is more important than others. National 
secrets and banking transactions need to be secure for obvious reasons.  My 
children's homework is probably of little interest to anyone besides our 
family and their schools, so inadvertent leaking of homework or her 
collection of LOTR web pics is of less consequence than leaking national 
secrets or other very sensitive business information.   In any case, I turn 
macros off when I exchange documents to prevent other potentially unwanted 
consequences that may alter the contents of the file in unforeseen ways.  I 
don't know if that practice will close the hole, but until MSWord gets 
patched to fix this vulnerability, we are probably stuck with it when we use 
MSWord.         

VR,
Ben 



>
> I think a separate computer would solve the problem.  If you have all of
> your important documents, work, TOP SECRET stuff, etc on a computer that
> never has and never will see the internet, a modem, or a NIC, there is no
> way for a program on another computer to gather said info and wrap it in a
> word doc.  I think it's a
> tradeoff between paranoia and convenience.
>
> dean


