[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [dvd-discuss] Fwd: Bush taps Clarke as CyberdefenseChief
- To: dvd-discuss(at)cyber.law.harvard.edu
- Subject: Re: [dvd-discuss] Fwd: Bush taps Clarke as CyberdefenseChief
- From: "D. C. Sessions" <dcs(at)lumbercartel.com>
- Date: Wed, 10 Oct 2001 19:57:17 -0700
- In-Reply-To: <20011010134752.A6641@johns.cc.uic.edu>
- Organization: ***** SPLORFFF!!! *****
- References: <20011010134752.A6641@johns.cc.uic.edu>
- Reply-To: dvd-discuss(at)cyber.law.harvard.edu
- Sender: owner-dvd-discuss(at)cyber.law.harvard.edu
On Wednesday 10 October 2001 11:47, you wrote:
> Everyone is so creative about windows worm
> payloads ... modifying bank accounts, posting
> fake stories. There's a much less farfetched
> scenario ...
Yawn.
The majority of Office installations are Office97.
A recently-documented bug in Excel and Powerpoint
allows malware to bypass the macro-detection function,
so that the malware can pretty much do anything that the
user can.
The bug affects Office 97, 98, 2000, and XP.
Microsoft has announced that there will be a patch for supported
versions of Office.
Office 97 is no longer supported.
Microsoft Passport stores login and password information in plain
text on the user's hard drive.
Conclusion: a reasonably well-crafted worm could propogate at
sub-alarm rates to millions of systems, sniffing out Passport
logins and passwords to be sent Home by indirect means. Once
acquired, they can be used to bleed money via credit card, PayPal,
etc. and may not even be noticed for weeks. The impact could
easily run into the $billions, along with massive disruption of
consumer confidence and banking records.
--
| I'm old enough that I don't have to pretend to be grown up.|
+----------- D. C. Sessions <dcs@lumbercartel.com> ----------+