How to beat 22 Web security threats
- — 06 May, 2009 13:37
12. Document secrecy II: hidden data
The draft of a collaborative report written in Microsoft Word is likely to be riddled with notes and questions - and perhaps a few gripes inserted by various participants. You clean up the document before submitting it to the boss, but the comment "Do they really expect people to buy this junk?" hasn't vanished - it's simply hiding.
Besides its embarrassment value, embedded information makes life easier for corporate spies. Ignore it at your peril.
For Office XP and Office 2003 files, download Microsoft's Remove Hidden Data] tool. For [[xref:http://www.pcadvisor.co.uk/reviews/index.cfm?ReviewID=649 documents, you can use the Document Inspector command to view and (optionally) delete unwanted metadata remnants from your Word, Excel and PowerPoint files.
13. Zero-day attacks
In late 2008, Microsoft released two patches for IE (MS08-067 and MS08-078) without waiting until ‘patch Tuesday'. The release date was rushed forward when experts detected zero-day attacks - early attacks that attempt to exploited vulnerabilities that are not yet patched.
Microsoft delivered the patches with commendable speed. But these two high-profile cases within two months show the seriousness of the zero-day threat.
Windows' Automatic Updates will eventually install the patches you need. But its Automatic Updates tend to roll out slowly, leaving your PC vulnerable during the critical time between the public release of the patch and the moment you install it.
There's no technical fix for this danger. You need to keep up with the latest security news and visit update.microsoft.com as soon as you hear about an out-of-band patch.