Saturday 29 April 2006

Watch out for MS Office security...

Brian Krebs' Security Fix: MS Office Flaws Ideal Tools for Targeted Attacks

Amazingly, office tools can still represent a serious security threat. We thought that the era of macro viruses was over a "decade" ago, but new trojans combined with social engineering techniques can still manage to catch unwary people.

What is worse is that among those people are even the ones in charge of our money, business and security.

And by the way, did you know that using Microsoft Update or Windows Automatic Update will not update your MS Office applications? You will have to use Office Update for that...

Monday 10 April 2006

Dlink gets dirty with the NTP community

Recently a story came to my attention about PHK's (Poul-Henning Kamp, one of our most esteemed engineers in the BSD community) NTP time server at DIX being abused by DLink's network appliances. Yet another story to tell our kids in the future, reminding them how easy it was to disrupt IP/Internet services in our times.

For sure there are quite a lot of limitations on how to respond to such a horrendous mistake on DLink's part. As a matter of fact, it could have been anyone's mistake. Today's Internet infrastructure relies more than it should on people's common sense, of which there isn't too much today and surely there won't be any at all in the future.

Oh, and this is not the first time it happened: NetGear also made a similar mistake.

For what it's worth, in my opinion all DLink users should sue their vendor in the (unlikely) eventuality that PHK might resort to a legal measure against users that illegally bog down his NTP server (based on IP addresses). I bet that if, instead of PHK, one of the top corporate giants was playing the victim role, then the entire game would have turned drastic. Guess what would have happened if ntp.cisco.com was on that list of NTP servers...