Vulnerability Turns MS Excel Into Open Door for Hackers

The vulnerability is in Microsoft Office Excel 2003 Service Pack 2, along with Microsoft Office Excel Viewer 2003, Microsoft Office Excel 2002, Microsoft Office Excel 2000 and Microsoft Excel 2004 for Mac, Microsoft said. If successfully exploited on a vulnerable computer, it could enable remote code execution, the company added.

Microsoft is now investigating public reports and the extent of the vulnerability’s impact on customers. Once that’s done, it may provide a security update through its monthly release process or as an out-of-cycle release, it said.

“While the attack appears to be targeted, and not widespread, we are monitoring the issue and are working with our MSRA (Microsoft Security Response Alliance) partners to help protect customers,” wrote Microsoft’s Security Response Center on the group’s blog. “We will update the advisory and this blog as new information becomes available.”

Linux News: Security: Vulnerability Turns MS Excel Into Open Door for Hackers


Teenager hacks Polish tram system

A 14 year-old schoolboy hacked into a Polish tram system and used a remote control to change the direction of a number of vehicles.

Transport employees in Lodz immediately suspected outside interference when a driver who was trying to turn right found his tram veering to the left.

The tram’s back wagon was derailed and hit a passing tram. Another derailment injured 12 passengers.

Teenager hacks Polish tram system – Personal Computer World

Anatomy of a hack attack

With the help of security experts, we reconstruct a typical hack attack on two large organisations and walk through the steps that the head of IT should follow in such a case.

Monday, 9am
Blackjack, a hacker working from an internet cafe in London, is about to launch an attack on a major government agency. His aim is to cause maximum disruption and embarrassment. And, according to security experts, his job is going to be worryingly easy.

“Most organisations have dozens of vulnerabilities they haven’t patched, or aren’t even aware of,” said Toralv Dirro, a security strategist with McAfee. “Even if a penetration-testing service says you’re not vulnerable, that only means they haven’t found a vulnerability, not that one doesn’t exist.”

Anatomy of a hack attack – ZDNet UK

Sears puts customers’ buying histories on the Web

Sears Holdings Corp. has come under fire from privacy advocates for making the purchase history of its customers publicly available on its Web site.

Manage My Home is a community portal where Sears shoppers can download product manuals, find product tips and get home renovation ideas.

The Web site has a feature called “Find your products” that lets users look up past purchases. Ostensibly, this is designed to help customers keep track of items they’ve bought from the retailer, but the site also lets them look up the purchase histories of other people.

“Sears offers no security whatsoever to prevent a Manage My Home user from retrieving another person’s purchase history by entering that person’s name, phone number and address,” wrote Ben Edelman, an assistant professor at Harvard Business School, in a blog posting.

Sears puts customers’ buying histories on the Web