Posted on Wednesday, February 14th, 2007 | Bookmark on del.icio.us

Communicating Considered Harmful!

by Jose Nazario

Nothing is sacred anymore, no lines of communications are safe. After yesterday’s Microsoft Security Bulletins for February 2007, even RTF is dead. RTF, or “Rich Text Format”, was once considered to be safe, a lot safer than Word documents, but now we know that RTF files are an infection vector, just like Word docs, PDF documents, and even speech has been used as an infection vector. I recall a vulnerability in MS Notepad in early 2004, too, that was discovered with the source code leak.

OK, so it seems that almost every means of communicating words is now a risk, at least on Windows. I suspect that when the mental telepathy driver for Windows comes out, it’ll be even worse.

So, we can either stop communicating, or we can patch patch patch nad defend ourselves. No need to head for the hills and to bury your head in the sand, yet.

But seriously, go read the Microsoft Security Bulletins for February 2007 and update ASAP. Lots of those vectors are being used already.

This entry was posted on Wednesday, February 14th, 2007 at 12:31 pm and is filed under Arbor Networks, Vulnerabilities. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

2 Responses | Add your own



Comment Post by: Andy Sicard — February 15th, 2007 @ 5:07 pm EST  Reply

RTF files unsafe! Wow.

Comment Post by: HD — February 26th, 2007 @ 11:36 am EST  Reply

Wait for April for some more RTF fun :-)

Leave a Comment