Masquerading through the enterprise!

by Guy Huntington | October 17, 2006 at 02:07 pm

A Microsoft employee published a blog post on Thursday, October 12, stating:

I wanted to let you know that we’ve been made aware of proof of concept code published publicly affecting Microsoft Office 2003 PowerPoint. We are currently investigating this report. The reported proof of concept may allow an attacker to execute code on a user’s machine by convincing them to open a specially-crafted PowerPoint file.


Enterprises should be aware that an email with a PowerPoint document attached containing the malware will fly underneath the current firewall and anti-virus defenses. This means that criminals can use this method to obtain IDs and passwords and then masquerade as the user.

Beyond waiting nervously for a fix from Microsoft and then from the antivirus vendors, a better strategy is to have a multi-layered enterprise identity strategy.

You must assume that your outer defenses will be breached and that IDs and passwords will be captured, and plan your defenses accordingly. My paper "Battling Botnets and Rootkits - A Layered Identity Strategy" speaks directly to this.

Guy Huntington
www.authenticationworld.com
guy.huntington@authenticationworld.com


