WinZip Vulnerabilities Highlight User Threat

Published: 2004-09-03
Last Updated: 2004-09-04 02:16:19 UTC
by Michael Haisley (Version: 1)
Following yesterday's report on new WinZip vulnerabilities, I thought it would be a good time to highlight the user factor in security.


Quite frequently, users open files of types that have traditionally been treated as 'safe'. Many new vulnerabilities highlight the fact that files from an untrusted source should never be opened. Several exploits are currently in the wild for Adobe Acrobat (PDF), WinZip (ZIP), Microsoft Compressed Folders (ZIP), and many other products.

User education should include basic malware recognition. Although corporate firewalls, email scanners, and end-user virus scanners are great, they cannot completely eliminate the threat.

In most cases, files do not open automatically; the user is required to take action to open them. Many users are conditioned to believe that files are safe if they are a ZIP, a PDF, or a JPG, but they should understand that no file is ever safe, and that files from untrusted sources should not be opened, not even to see what's inside.

Currently no worms are propagating using the above exploits, but it would be reasonable to assume that they will be used for this purpose in the future. The time to act is now, before the worm exists, not afterward.

I urge all of you to consider implementing a user education program to complement your current network security programs. Whatever the exploit is, quite often the end user, not the network administrator, will be the first to encounter it, and their reaction can determine how much damage is done. Recognizing a threat, eliminating it, or at least reducing the risk can do wonders. Train your users; they can understand the basic concepts of network security.
Also, our heartfelt condolences go out to Matt Scarborough, one of the other SANS Incident Handlers, for the loss of his father.
--

Michael Haisley

Handler On Duty

SANS Incident Storm Center