WinZip Vulnerabilities Highlight User Threat
Following yesterday's report on new WinZip vulnerabilities, I thought it would be a good time to highlight the user factor in security.
Quite frequently, users will open many files that have traditionally been treated as 'safe'. Many new vulnerabilities are highlighting the fact that files from an untrusted source should never be opened. Several exploits are currently in the wild for Adobe Acrobat (PDF), WinZip (ZIP), Microsoft Compressed Folders (ZIP), and many other products.
User education should include basic malware recognition. Although corporate firewalls, email scanners, and end-user virus scanners are great, they cannot completely eliminate the threat.
In most cases, files do not open automatically; the user is required to take action to open them. Many users are conditioned to believe that files are safe if they are a ZIP, a PDF, or a JPG, but they should understand that no file is ever safe, and that files from untrusted sources should not be opened, not even to see what's inside.
Currently no worms are propagating using the above exploits, but it would be reasonable to assume that they will be used for this purpose in the future. The time to act is now, before the worm exists, not afterward.
I urge all of you to consider implementing a user education program to complement your current network security programs. Whatever the exploit is, quite often the end user, not the network administrator, will be the first to encounter it, and their reaction can determine how much damage is done. Recognizing a threat, eliminating it, or at least reducing the risk can do wonders. Train your users; they can understand the basic concepts of network security.
Also, our heartfelt condolences go out to Matt Scarborough, one of the other SANS Incident Handlers, on the loss of his father.
--
Michael Haisley
Handler On Duty
SANS Incident Storm Center