Word Vulnerability Compromised US State Dept. 207
hf256 writes "Apparently hackers using an undisclosed (at the time) vulnerability compromised the State Departments network using a Word document sent as an email attachment. Investigators found multiple instances of infection, informed Microsoft, then had to sever internet connectivity to avoid leaking too much data!"
Hmmm...hackers (Score:5, Funny)
Quick (Score:4, Funny)
(Insert Troll Here) (Score:5, Funny)
a) It's only because MS Office has the largest market share, this could of happened to any office suite!
b) It's not a big deal, obviously the state department's IT department is incompetent.
c) Damn Hackers, always trying to ruin a good thing!
d) Macs run on Intel processors now, so they're vulnerable too!
e) This is probably because the NSA sponsors SELinux.
f) In Soviet Russia, MS Office hacks YOU!
Did I miss any?
Re:Hmmm...hackers (Score:2, Funny)
Re:Great news for open formats (Score:2, Funny)
The airlock is closing... (Score:4, Funny)
"Cap'n, we're having a wee bit 'o trouble in IT - we're leaking data down here like no one's bloody business - we may have to sever communications!"
"Scottie - is it really that bad...? Isn't there some alternative that will buy us more time??!! I need more time, dammit man!"
"Cap'n, I'm only a Star Fleet Engineer, not the Queen's magician..."
"Well, Engineer...see if you can pull a rabbit out of your ass and buy me five more minutes before you cut us off. That's all we need to make the jump, and after that you can cut your nuts off for all I care!"
"Aye, Cap'n...do me best - one shit-stained rabbit, com'n up - IT out!"
Re:Quick (Score:5, Funny)
Emacs
*ducks and runs*
Must suck to be Lenovo... (Score:5, Funny)
Re:(Insert Troll Here) (Score:5, Funny)
Re:(Insert Troll Here) (Score:2, Funny)
The first is a phrase that doesn't make sense, and the second is a contraction of "could have".
Re:Quick (Score:3, Funny)
Re:Quick (Score:3, Funny)
I type OpenOffice.org Writer XML in VI... In the format's ZIP-compressed form!
Re:Quick (Score:2, Funny)
Re:Scary (Score:3, Funny)
Re:Quick (Score:3, Funny)
Re:Great news for open formats (Score:4, Funny)
Re:Great news for open formats (Score:4, Funny)
Tom
Puzzled ... (Score:3, Funny)
A fun example: A couple of years ago, a fellow hereabouts told the local linux/unix user group a funny story of how Word docs got banned at his workplace. It seems that a VP had written some missive, and decided that it was so important that everyone in the company would want to read it. So he mailed it out to everyone. It was a Word doc, and the people with unix-type workstations mostly couldn't read it, so they did the obvious thing. They fed it to the strings(1) command. The result of this isn't pretty, since it loses all the (binary) formatting and font markup, but the text was readable.
However, strings can't decode the binary stuff, and didn't know to honor the "deleted" tags on big chunks of the file. It seems that among the deleted stuff was a list of the salaries of most of the management. Ooops!
The unix users got a bit of a chuckle out of this, of course, and the news got back to the VP (and other managers) what he'd mailed out. After the inevitable finger pointing settled down, the message got through the mangers' thick skulls that Word docs can and usually do contain "deleted" stuff that hasn't actually been removed or blanked out, and any time they send someone a Word doc, they might be sending them pieces of any other Word doc that has ever been on their computer. And it's not just unix users who can read this "deleted" stuff; a clever programmer could fairly easily make it visible on Microsoft systems, too. You could just port the strings command to Windows.
So the word came down that Word docs were strictly forbidden in email. Especially email sent outside the company.
This problem is not exactly secret. Any organization that allows Word docs, or any other proprietary binary format, in emails is inviting exactly this same sort of problem. Even if you don't understand it or believe it, chances are that some of your competitors do.
It's especially astonishing that the US State Department would allow Word docs to be emailed. Don't they have any competent security people at all?
(Or maybe they do, but they are intentionally ignoring the advice of such people. That does seem to be how the US government works these days.