Archive for December 13th, 2003

Don’t post Word docs!

December 13, 2003

Woody’s Office Watch #8.50 has more examples of Word docs posted on the web with information stored in them that probably shouldn’t be there. Docs from the Department of Homeland Security, the Speaker of the House, Newt Gingrich, the Chief Security Architect from Dell (!) (some of the links will probably be dead or lead to docs that have had the information talked about removed — at least I hope so!). Names and ids of the folks who edited them are in there as well as the locations of the files on the users’ drive, not to mention complete revision histories!
Be careful. Think about what you’re doing. Pay attention.

Advertisements

Opera file overwrite vulerability

December 13, 2003

Secunia has released SA10425 which describes a vulnerability in Opera which allows a malicious website to overwrite a file with a simple download operation. The solution? — upgrade to Opera V7.23.
It’s interesting that we see a lot of exploits for non-Microsoft products posted after their solution is available.