There is no doubt about it—Office documents are a security hazard and they offer ample information to anyone who takes the trouble to look.Let us slip into the roll of an agent once again to see how easily such information can be read. If you receive a Word document via e-mail, you can find out who last worked on it by right-clicking the file and selecting ‘Properties | Summary | Advanced’. This will reveal the last author as well as information such as which version of Word and file type was used, and in which company the author works.Some delicate information could also be divulged—the name after ‘Author’ is also often the login name for the company network. Thus, only the password is missing for a potential hack attack.If a Word document is opened with Notepad, the entire memory path for the document and all the fonts used in it are hidden in the ASCII text garbage.Moreover, it can be further hacked—on opening a Word document with WinHex,we came across an Internet link in our test file. However, this was never written in the Word document. We found out, after some investigation, that Firefox had saved a URL to the clipboard while Word was running in the background. In the default options ‘Automatic Quick Save’ available in Word, the word processor not only saves the just the opened document, but also the current contents of the clipboard. Had there been a password lying around as part of the clipboard content, it would have been in the hacker’s hand. This is quite
possible; if a tool like ‘RoboForm’ unzips
0 comments:
Post a Comment
PlEaSe Use website title tag whenever linking your website to this blog