Brian Krebs of the Washington Post has three interesting blog entries today. The first, "Microsoft's Achilles' Heel: Office", covers a recent attack over the holidays that infected a utility company. The utility was infected by malware that wasn't detected by the anti-virus software the company was using.
Utility company users clicked on an email PowerPoint attachment to view a holiday PowerPoint file. This contained malware that then infected the utility's network, providing a backdoor to the utility's network, user IDs and passwords. Then, when the utility realized it had been attacked and brought in a company to investigate, they found two Word files that also contained malware.
The second blog entry, "Take Me to Your (Adobe) Reader", covers the recent security holes found in Adobe Acrobat's reader using JavaScript. A user may end up infecting their computer with malware or be redirected to a phishing website and prompted to reveal sensitive identity and credit information.
My point: There are so many attack patterns into enterprises that existing intrusion detection and anti-virus software is not going to pick up. Many of these are in application documents such as MS Office and other applications like Adobe Acrobat.
Microsoft this coming Tuesday will finally release the patches for the existing three highly critical Word document holes. It has taken them three to four weeks to assemble the patches. As Brian Krebs says in his previous blog entry, "Internet Explorer Unsafe for 284 Days in 2006", for most of 2006 there were always highly critical security holes in Microsoft products like IE and MS Office.
My point: Don't think you are secure waiting around for either Microsoft or your security vendors to catch up with criminals. Assume that you will be successfully attacked and begin your preparations to have a layered security defense.
Bottom line: Educate your users to "Think on it before they click on it". All of these types of attacks can be minimized if users don't click on email links and document attachments they are not expecting. An ounce of prevention in educating your users can save a pound of enterprise flesh by preventing expensive enterprise security breaches.
Guy
www.authenticationworld.com
guy.huntington@authenticationworld.com
