[luau] Beware of Using Word 97
Ben Beeson
beesond001 at hawaii.rr.com
Sat Sep 7 23:23:01 PDT 2002
Aloha,
A separate computer just changes the architecture of the problem, it doesn't
fundamentally change the problem. I believe this macro option could be used
to facilitate an attack regardless of Internet connection because the method
allows for information leakage. This is because the macro virus "tool"
essentially acts like a "wire" to the cleartext data of the victim's
computer. The connection to the network is irrellevant because the fact that
the macro virus tool exists means the attack is possible. The Internet
architecture tends to make the mechanics of executing the attack easier, but
a lack of Internet connection does not prevent a "sneaker net" attack from
succeeding in leaking or compromising information via the same macro tool.
The sneaker net transfer involves at least two media transfers just like the
ethernet transfer does, it is just a physical transfer of media, not an
electronic one. The file contents are the same in either case.
The only way to prevent the attack from succeeding is to 1) exchange
information only with those that you can provably trust implicitly to not
further disclose any information inadvertatently leaked. This doesn't thwart
the attack, it just controls the spread of the information. 2) carefully
review the contents of your electronic files to ensure only the intended info
is transferred, or 3) don't share your information at all. Of course,
removing the hole in the Word program would also help.
For some people, safeguarding info is more important than others. National
secrets and banking transactions need to be secure for obvious reasons. My
children's homework is probably of little interest to anyone besides our
family and their schools, so inadvertant leaking of homework or her
collection of LOTR web pics is of less consequence than leaking national
secrets or other very sensitive business information. In any case, I turn
macros off when I exchange documents to prevent other potentially unwanted
consequences that may alter the contents of the file in unforeseen ways. I
don't know if that practice will close the hole, but until MSWord gets
patched to fix this vulnerability, we are probably stuck with it when we use
MSWord.
VR,
Ben
>
> I think a separate computer would solve the problem. If you have all of
> your important documents, work, TOP SECRET stuff, etc on a computer that
> never has and never will see the internet, a modem, or a NIC, there is no
> way for a program on another computer to gather said info and wrap it in a
> word doc.
I think it's a
> tradeoff between paranoia and convinience.
>
> dean
More information about the LUAU
mailing list