CNN.com
Expert confirms 'Russian New Year' danger

Excel security problem highlights a new era of risks, says ICSA's Thompson.

January 11, 1999
Web posted at: 3:18 p.m. EDT (1518 GMT)

by Stan Miastkowski

(IDG) -- Computer viruses and other security threats hit the headlines so often that it's easy to become blasé about them -- but the "Russian New Year" problem is not business as usual.

Reported earlier this week by the Israel-based security company Finjan, the "exploitation" is said to let hackers access any machine that has Excel 95 or 97 using a combination of HTML from a Web browser and Excel's CALL function. (It's claimed that Excel doesn't have to be running for the damage to be done.)

Further muddying the Russian New Year situation, Microsoft responded that the company knew about the issue in December and posted a fix for it. And both Microsoft and Finjan agree that there haven't yet been any confirmed real-world reports of the threat actually being used.

Both also agree that it's a good idea to disable Excel's CALL function.

One independent expert confirms Finjan's claim that Russian New Year may be the beginning of a new era of computer security problems. Roger Thompson, director of antivirus and malicious code research for the International Computer Security Association, says the technique is "genuine and dangerous", the first security threat that can cause real damage to your PC without your taking any action such as opening a file.

Thompson adds that it's the "key to a deeper set of potential threats that can remotely run any program on your machine."

Thompson criticizes Finjan for rushing to announce Russian New Year before the industry was prepared with solutions. And while he agrees that there haven't been any confirmed reports of the problem, he fears that now that the news is out, hackers will rush to exploit it.

He also blames Microsoft for overdoing "PR spin" in reaction to Finjan's announcement, and for not yet releasing a fix for Excel 95 and for Internet Explorer 3.x, and for not releasing fixes in languages other than English. (The company's December patch only covers Excel 97; Internet Explorer 4.01 already includes built-in protection.)

More ominously, Thompson hints at a Pandora's box, with "lots of other things... waiting to be discovered" by hackers. With today's operating systems and applications, "the more powerful you make them, the less secure they are," he says. "Security and functionality exist in an inverse relationship."

 
© 2000 Cable News Network. All Rights Reserved.