Silicon Investor (SI) -- The First Internet Community

STOCKTALK

We've detected that you're using an ad content blocking browser plug-in or feature. Ads provide a critical source of revenue to the continued operation of Silicon Investor. We ask that you disable ad blocking while on Silicon Investor in the best interests of our community. If you are not using an ad blocker but are still receiving this message, make sure your browser's tracking protection is set to the 'standard' level.

Technology Stocks : PC Sector Round Table -- Ignore unavailable to you. Want to Upgrade?

To: Yogi - Paul who wrote (1366)	1/5/1999 11:43:00 PM
From: LK2	Read Replies (2) \| Respond to of 2025

Excel program on your PC can let a hacker into your PC. How much security do you think you have, surfing the Web? (What I also like, is when MSFT product manager John Duncan said >''There really is no newness to this,'' he said. ''There's not a bug in the software.''< Does Microsoft mean that Excel was deliberately designed to let in hackers?) For Personal Use Only >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> dailynews.yahoo.com Tuesday January 5, 1999 5:22 PM ET Experts Unveil New Hacker Technique By MARTHA MENDOZA AP Business Writer SAN JOSE, Calif. (AP) - A new and potentially dangerous security flaw that allows a hacker to steal data off an unsuspecting Web surfer's computer was unveiled Tuesday by Finjan Inc., a San Jose-based computer security company. The security hole could affect anyone using the Internet that has Microsoft Corp. (Nasdaq:MSFT - news)'s Excel spreadsheet on their computer, said Finjan chief executive Bill Lyons. ''We believe this could affect tens of millions of users as they're configured today,'' said Lyons. ''An attacker could steal or copy innocent Internet users' private files without their knowledge.'' Here's how it works: A hacker sets up a Web site with the corrupt code programmed into it. Then an unknowing computer user, who has Microsoft Excel installed but not necessarily running, visits the site. While the user is at the site, the hacker worms into the user's Excel program and, through that, is able to pull files off their computer. What makes this flaw more devastating is that normally users have to take steps such as downloading infected software to be attacked; in this case, users could be hit by simply visiting a Web site. So far it's only theoretical. Neither Finjan nor Microsoft has heard of actual attacks. But as John Stewart, a chief architect at Digital Island pointed out, it would be simple enough to do. ''This attack can be executed by almost anyone,'' he said. Reporters who went to a designated Finjan World Wide Web site on Tuesday experienced the rip-off firsthand. After clicking on Finjan's site and agreeing to be hacked, the security company was able to pull files out of reporters' computers. At the Redmond, Wash.-based Microsoft, John Duncan, a product manager in Microsoft's Office group, said they already heard about and offered a solution to the problem last month, e-mailing close to 1 million customers a security bulletin on Dec. 10 that offered a free, downloadable patch. ''We were notified by a third party and we moved to fix it immediately,'' he said. More importantly, Duncan said they have had no customer complaints about the problem. ''There really is no newness to this,'' he said. ''There's not a bug in the software.'' Microsoft's security bulletin warned that an attacker could get in to the computer via an Excel function, though it did not mention specifically how the attack could be made using the Internet. ''The bulletin provides customers with the information they need to decide whether or not they want to install the ... patch,'' said Duncan. ''However, we want to avoid providing hackers with a blueprint for how they can exploit security issues such as this.'' Avi Ruben, a researcher at AT&T Labs, said it's that widespread ease that could make the hacking devastating. ''It is the kind of attack that makes your jaw drop when you hear about it and makes you wonder if sensitive information should ever be kept on a networked computer,'' he said. Finjan said Microsoft's free patch will solve the problem. Finjan was also offering a software solution to customers. <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<