[luau] Beware of Using Word 97
Dean Fujioka
surfdean at hawaii.rr.com
Sun Sep 8 15:16:01 PDT 2002
On Saturday 07 September 2002 23:18, Ben Beeson wrote:
> Aloha,
{snip}
>
> possible. The Internet architecture tends to make the mechanics of
> executing the attack easier, but a lack of Internet connection does not
> prevent a "sneaker net" attack from succeeding in leaking or compromising
> information via the same macro tool. The sneaker net transfer involves at
> least two media transfers just like the ethernet transfer does, it is just
> a physical transfer of media, not an electronic one. The file contents are
> the same in either case.
>
Yes, but if you do not transfer data between your two computers, i.e. you have
MSword on the internet computer, you simply don't do your critically secure
work on it. If you expose your TOP SECRET work to the macro, then of course
you can be compromised.
> The only way to prevent the attack from succeeding is to 1) exchange
> information only with those that you can provably trust implicitly to not
> further disclose any information inadvertatently leaked. This doesn't
> thwart the attack, it just controls the spread of the information. 2)
> carefully review the contents of your electronic files to ensure only the
> intended info is transferred, or 3) don't share your information at all.
> Of course, removing the hole in the Word program would also help.
>
4) Don't use a sneaker net and keep the two PC's separated.
> > tradeoff between paranoia and convinience.
> >
> > dean
More information about the LUAU
mailing list