Home » Home Users » Press Center » Subscriptions » Oxygen3 » Oxygen3 File

Weekly summary

"Only put off until tomorrow what you are willing to die having left undone."
Pablo Picasso (1881-1973); Spanish painter.
(On November 3, 1954, Henri Matisse died).

Madrid, November 3, 2007 - The most important story published this week by Oxygen3 24h-365d is: "Malicious TIFF files exploit vulnerability" (10/30/07): According to Techworld, an exploit has been published that takes advantage of a critical vulnerability in older versions of Windows. This security flaw enables hackers to create maliciously encoded TIFF files which can run unauthorized software when opened with the Windows Image Viewer.

Below you can find other bulletins published this week:

- Microsoft and the PDF file vulnerability (10/29/2007): Microsoft has admitted in a blog that the problem with PDF files is not an Adobe vulnerability, but a Windows system vulnerability, and PDF files are simply used as an attack vector to exploit the flaw. The vulnerability stems from the ShellExecute module in Microsoft Windows. Consequently, updating the PDF file reader does not solve the problem. Microsoft is currently working to solve this issue.

- IT security survey in British companies (10/31/2007): According to Computer Weekly, a survey has revealed that 35% of British employees who use PCs claim IT security is down to them when they work outside the company.

- 43% of IT users reveal their passwords (11/01/2007): According to a survey by Deloitte, 43% of computer users give out their passwords and more than half of them lack security awareness training. The survey also provides information about the way passwords are chosen. 41% of users choose a familiar name, such as their own, their pet’s or a close relative’s.

- New variant of "Storm Worm" (11/02/2007): According to PandaLabs’ blog, a new variant of Storm Worm is being sent out in messages alluding to Halloween. These messages contain a link to a website which shows a ‘dancing skeleton’ and offers visitors the possibility of downloading it to their desktop. However, it the user downloads and runs the file, it will install a worm on the system and turn the PC into a zombie computer at the service of a malicious user.