Microsoft Office Update Contains Security Fixes

Microsoft has released Microsoft Office 2008 for Mac Service Pack 1, a major update to Office 2008, which also contains some security fixes that Microsoft says are critical. In Microsoft’s security bulletin describing the issues, the company says:

“This security update resolves several privately reported vulnerabilities in Microsoft Word that could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.”

Whatever the vulnerabilities, the effects could be disastrous. It is rare that we see something that could allow attackers to create new accounts, install programs, and delete data. It is strongly recommended that you install this update immediately.

But the security fixes are not just for Office 2008. They cover Office 2004, as well as just about every version of Office for Windows. You can download the Office 2008 update here; it’s 180 MB. The Office 2004 update is here; it’s only 9 MB.

Laptop Thieves Nabbed by .Mac

Kait Duplaga, an Apple store employee, who lives in White Plains, NY, had two of her Apple laptops stolen from her home. Being a savvy Mac user, when Kait found that her Mac was being used (a friend saw her on iChat, showing that one of the computers had logged onto iChat automatically) she went into CSI mode. She used the “Back to My Mac” feature included with .Mac accounts to remotely access the laptop, then snapped a picture of the user. Showing the picture to friends, the person was identified as having attended a party at Kait’s apartment. The police took things from there, arresting two men for burglary, and recovering nearly all the stolen property.

Adobe Updates Acrobat for Critical Vulnerabilities

Adobe has issued a security bulletin regarding security updates to “Adobe Reader 8.1.1 and earlier versions Adobe Acrobat Professional, 3D and Standard 8.1.1 and earlier versions.” These programs have critical vulnerabilities that could “cause the application to crash and could potentially allow an attacker to take control of the affected system”. A total of eight vulnerabilities are fixed in these updates, and you can download them from the security bulletin page linked above.

Personal Information Easily Harvested on Facebook

Facebook is currently the most popular social networking site on the Internet. With the ability to find friends, communicate with them, and play games, the site can be addictive. But the BBC’s program Click this week showed that your personal information - the information in your Facebook profile - can be harvested easily by applications you choose to add to your profile.

It turns out that when you allow an application to access your personal information - something that many applications require - that application can get at not only your information, but that of your friends, without their knowing it, and in spite of their security settings.

The Click team created a simple application that could masquerade as a game or a test.

“We wrote an evil data mining application called Miner, which, if we wanted, could masquerade as a game, a test, or a joke of the day. It took us less than three hours.

But whatever it looks like, in the background, it is collecting personal details, and those of the users’ friends, and e-mailing them out of Facebook, to our inbox.

When you add an application, unless you say otherwise, it is given access to most of the information in your profile. That includes information you have on your friends even if they think they have tight security settings.

Did you know that you were responsible for other people’s security?”

The solution? Alas, there is none for no. The only thing you can do is make sure that you don’t include, in your Facebook profile, information that you don’t want non-friends to find out about. Or, as the Click team says, “In fact, the only way we can see of completely protecting yourself from applications skimming information about you and your friends is to erase all the applications on your profile and opt to not use any applications in the future.”

To learn more about this, watch this segment of Click on the program’s website.

Celebrate the 30th Anniversary of Spam

An article in The Register reminds us that the very first spam e-mail was sent on May 3, 1978, or thirty years ago. Somehow, this anniversary is not much to celebrate. As most Internet users can attest to, spam is rampant; it’s the true scourge of the Internet. Many users get as many as hundreds of spam messages a day; all you need is to have one e-mail address on a web site, in forums, or on mailing lists, for spammers to harvest it, package it, and sell it along with millions of others.

While spam filters are increasingly efficient (and Intego’s Personal Antispam is recognized as the most effective spam filter for Mac), spam is constantly evolving. (This Wikipedia page explains some of the techniques used in spam, and how they change to try and fool spam filters. It’s a never-ending battle, unless the powers that be come up with a system that will authenticate messages, allowing ISPs to filter out spam.

The Register article cited above suggests that 95% of all e-mail is spam; other sources posit figures of 80-90%. But spam works; as the Register says, “a recent survey … revealed that 11 per cent of people admit to having bought goods in response to spam messages.”

Computer Keyboards Dirtier than Toilet Seats

While we usually discuss here the type of computer security that affects your data, operating system and personal identity, it’s time to look at another aspect of security that you may not realize. The British consumer magazine Which has done a study of computer keyboards in a typical London office and found that they are “5 times filthier than a toilet seat,” and that “the germs found could cause food poisoning symptoms such as diarrhoea and other stomach upsets.” While this is the case however in offices, this is likely not the case at home. The article points out that, “the main cause of a bug-infested keyboard is eating lunch at your desk, as the crumbs encourage the growth of millions of bacteria.” So unless you eat over your home keyboard, you have less to worry about for that one.

Most people never clean their keyboards, their mice, or even their telephones, while it is relatively easy to do so. Just take a clean, lint-free cloth with some alcohol, and you’ll get them pretty well cleaned. Well, not always - the problem with keyboards is the spaces between the keys. To really clean a keyboard, you need to pop off the key caps (use a screwdriver and carefully pry them off) and, perhaps, soak them in a disinfectant. For other devices, you can simply use alcohol or disinfectant wipes.