Interesting People mailing list archives
IP: HOLE IN THE WEB LEAVES SECURITY GAP (from Edupage)
From: Dave Farber <farber () cis upenn edu>
Date: Tue, 05 Jan 1999 20:22:48 -0500
Israeli computer security firm Finjan Inc. is publicizing a potentially serious security "hole" that exploits a function of Microsoft's Excel spreadsheet software to booby-trap Web sites. Excel is frequently used to divide Web sites into "frames," and Finjan says a malicious cracker could create code that would be secretly downloaded onto Web site visitors' computers and wreak havoc among spreadsheet pages, word-processing files or other data without the user's knowledge. The hole, which is believed to have been discovered first in Russia, requires that the user's machine contain the Excel software, but Excel doesn't have to be running in order for damage to occur. "We think this is probably the biggest security hole in Internet history," says Finjan's CEO. "Any student at Stanford could potentially exploit it." Microsoft says it issued a bulletin in early December warning of the problem, and is offering a software patch to fix it. "We have not gotten a single customer inquiry on the issue yet," says John Duncan, a product manager in Microsoft's Office group. "But any security issue is serious, and that is why, as soon as we've identified something, we are going to respond very aggressively." (Wall Street Journal 5 Jan 99)
Current thread:
- IP: HOLE IN THE WEB LEAVES SECURITY GAP (from Edupage) Dave Farber (Jan 05)