Network Health: Security Holes
By Dr. Seamus Phan
If you, like me, administer a network, you are probably fed up by now with all the security vulnerabilities, macro viruses, WLAN deficiencies, and so on. Yet we soldier on, looking for the next shred of information that may make us a little bit "smarter" than the intruders and attackers, or for a new tool that adds to our arsenal of defenses.
The Sneaky Word
For example, Alex Gantman recently reported that he discovered a Microsoft Word "proof of concept" vulnerability that possibly cannot be defended against.
Gantman described a scenario: Alice sends Bob a Word document for revisions. After Bob edits, saves and mails it back to Alice, the file will also include the contents of another file from Bob's computer that Alice has specified. How? Alice had simply embedded the INCLUDETEXT field into the document. Since it is a field rather than a macro, theoretically there is no way for Bob to deny that action, or disable it. Alice can make the INCLUDETEXT field less obvious to Bob by using hidden text, or by changing the text block to white text in a small font size.
Gantman demonstrated another "proof of concept" Word vulnerability, where a recipient can be tricked into signing a document he or she has no intention of signing. For instance, Alice and Bob are supposed to jointly sign a Word contract where Bob will pay Alice US$100. Alice signs her portion and sends Bob the document. In a few days, Alice asks Bob to cough up US$100, with a copy of the contract clearly showing Bob's signature. How? Alice had inserted an IF field that branched on an external input such as a date or filename. With a previous valid signature in another document, Alice could theoretically insert Bob's signature into the new document.
It is possible for experts to prove that there are unsigned inputs and it is not clear if the contract was actually signed by Bob, thereby nullifying the contract in court. But it will be an arduous process nonetheless.
Drive-by Spam Hits Town
More recently in London, experts warned that spammers have turned to "wardriving" to make use of unprotected WLANs to send out millions of spam messages.
It gets worse. Some of these wardrivers actually warchalk: they mark buildings, offices or facilities that have vulnerable WLANs with a specific symbol. This enables other hackers to make use of these WLANs for free.
Some warchalkers actually claimed that network managers were appreciative, since they then know that they have to fix their networks. While the original intent of the warchalkers may seem remotely acceptable, the repercussions are certainly not. In any case, I don't see why warchalkers can't simply approach the network managers and explain the situation professionally in private, rather than expose the vulnerable networks indiscriminately.
What would be the legal impact on the intruded companies? The jury is still out on this, since every country has specific and diverse privacy, intrusion, computer misuse and abuse acts.
From these two different vulnerabilities, one thing is still clear: no computer technology is perfect, and perhaps may never be. The more advancements we create, the more security vulnerabilities and flaws we have to fix. And the worst thing is, the more we fix, the more vulnerabilities and flaws crop up. Perhaps it is time to go back to basics?
© 2003 The BWW Society/The Institute for the Advancement of Positive Global Solutions