Word Vulnerability Compromised US State Dept.
hf256 writes "Apparently hackers using an undisclosed (at the time) vulnerability compromised the State Departments network using a Word document sent as an email attachment. Investigators found multiple instances of infection, informed Microsoft, then had to sever internet connectivity to avoid leaking too much data!"
Well this should push everything towards open document formats a bit more, so it might just be a good thing...
The fact that a simple Word document can cause such a big problem is really sad. How can you tell a few thousand of people not to open word document attachment? I mean, where I work, users receive tons of documents (pdf, office, autocad) files by email from vendors and such, I guess the only defense is good email filtering but still a 0-day attack would make that useless.
1) the attack, once found, would have a bevy of coders working on it (we hope, of course)
2) the testing and regression doesn't have the dependency matrix that Word does, and it's likely that if there was a link, it could be both understood and remedied quickly thru an open code supply chain
3) multiple hackers (oops, I mean coders) would likely offer variances of a patch, of which perhaps several would/could be part of the subsequent 'patched' tree
4) eight weeks is a travesty, and that the State Department of the United States of America didn't have an IDF that could detect the abberant traffic is just plain malfeasant. Heads should roll.
---- Teach Peace. It's Cheaper Than War.
At first, the hackers did not immediately appear to try stealing any U.S. government data. Authorities quietly monitored the hackers' activity, then tripwires severed Internet connections
If you find evidence of a break-in, its possible the attackers are also connecting in a way you haven't yet detected. Hope they know what they're doing. Given their reputation, I doubt it.
What magical office software do you use that is apparently 100% bug free?
Most people who are not familiar with IT in the US Government have NO IDEA how dependent even the military is on MS products. Think MS based virii, worms and exploits aren't on classified networks? Networks that don't even share a common hardware link to the internet...