Tag Archives: Hackers

Very Important: Major PowerPoint Vulnerability

I wanted to let everyone know that Microsoft announced about a week ago that there is a major security issue with PowerPoint, in which a bug in how Object Linking and Embedding (OLE) works could give malicious attackers full access to your machine.

OLE is the means by which you are able to insert data from one type of program into another program, for example embedding a spreadsheet into a PowerPoint presentation. But there are a couple of things to keep in mind regarding this flaw:

First, there is a fix, even an automated one. You can find out all about it on this page at the Microsoft support site.

Second, the attacks using this vulnerability have been very limited; there has been no widespread havoc just yet.

Third, if you were attacked, the attacker would only get the level of control you had. So if you were a regular user, those are all the rights they would have. If you were an administrator, on the other hand, which many home PC users are, things could be different. Administrators have the ability to do things other users don’t, like install programs, make system changes, etc.

Fourth, *you* have to let it happen by opening the PowerPoint file in the first place. Here’s a bit of advice that I hope we all already know: DON’T OPEN EMAIL ATTACHMENTS FROM PEOPLE YOU DON’T KNOW! It’s very, very easy to avoid this issue altogether, which is why the attacks have been limited. The attack requires you to open the mysterious presentation from the person you’ve never heard of. Don’t do that, and you’ll be fine.


Did Russian hackers almost bring down the NASDAQ?

It has just been revealed that in 2010, Russian hackers, likely associated with the Russian government and using custom-designed malware to exploit zero-day vulnerabilities (something that should absolutely not be present in systems of this sort), were able to infiltrate the NASDAQ’s systems for the purposes of snooping around. However, it appears the malware was also capable of delivering what is known as a ‘logic bomb’: a destructive program that waits until a specific date occurs before it does its damage.

A destructive program destroying the internals of the NASDAQ’s servers would have wreaked havoc across the U.S. financial infrastructure, and the world’s as well. And it turns out that, once the malware was discovered, it appeared it could have wiped out the NASDAQ’s internals completely. So serious was it that, although no less than five separate federal security agencies had discovered the infiltration, they felt it had to be brought to the attention of the President.

The investigation discovered that not only did these Russian hackers have access to the NASDAQ’s servers, but Chinese hackers did as well, along with other unidentified intruders, and that the servers were very vulnerable to attack, with one person referring to them as a swamp. Although the potential impacts were catastrophic, the NASDAQ never reported the attacks nor indicated their severity. Expanding on the investigation, it turns out most banks and large financial institutions had the same vulnerabilities.

The scary part is that no conclusion was ever reached. Even the ultimate purpose of the intrusion is unclear; some say it was to do damage, some say it was just so the Russians could build an equivalent system. It also shows that we are not as far ahead as we often think in terms of security or technology; we still can’t definitively say it was actually the Russians. Great advances have been made since this event happened, but it’s a global race and it seems we’re still in no position to prevent it.