October 13, 2008
Home
About
Submit Press Release
PR Firms
Editors/Journalists
Search Archives
 
News Releases by Category  
News by Country  
News by MSA  
All News for Today  
Browse News by Day  
News by Trackbacks  
All Press Releases for February 13, 2005 Subscribe to this News Feed  
 

Multiple Layers Of Security Will Help Prevent Exploit Of New Flaw, Says Security Methods Inc.

Security Methods Inc., a leading information security provider based in Virginias Dulles technology corridor, is urging Microsoft Word and Excel users to shore-up security to ensure that they are not affected by recently discovered encryption flaws. A Chinese academic has revealed a major problem with the way Microsofts encryption tool handles Word and Excel files, according to a January 28 report in the TechRepublic. The flaw could allow a cracker with basic cryptography skills to decrypt the files, warned the academic. Even basic cryptography skills wont be required when exploit tools are developed," said Carson Sweet, Principal Director at Security Methods. Point-and-click exploit tools tend to appear rapidly after an issue like this is exposed."

Fairfax, VA. (PRWEB) February 13, 2005 -- Security Methods Inc., a leading information security provider based in Virginias Dulles technology corridor, is urging Microsoft Word and Excel users to shore-up security to ensure that they are not affected by recently discovered encryption flaws.

A Chinese academic has revealed a major problem with the way Microsofts encryption tool handles Word and Excel files, according to a January 28 report in the TechRepublic. The flaw could allow a cracker with basic cryptography skills to decrypt the files, warned the academic.

Even basic cryptography skills wont be required when exploit tools are developed," said Carson Sweet, Principal Director at Security Methods. Point-and-click exploit tools tend to appear rapidly after an issue like this is exposed."

Microsoft is downplaying the problem, arguing that it poses a very low threat for users because an obscure situation would be needed to exploit the problem.

But Security Methods officials warn that the situation happens more frequently than many would expect. Officials with the Fairfax-based firm say a common situation thats ripe for exploit is when a sensitive file is received via e-mail, edited, and then forwarded to another user.

This issue is not as obscure as one would hope," said Sweet, a CISSP and CISM-certified security specialist.

Sweet points out that most computer users receive files via e-mail, make changes using the same filename, and forward them to others on a daily basis. Sensitive Word or Excel files handled in this way would provide an optimal situation for an attacker with access to the victims PC through a Trojan horse or other means.

Companies that counted on Word and Excel to protect sensitive data could be facing significant risk, particularly where multiple versions of a vulnerable document have been stored or distributed. If these files had been protected by properly implemented encryption, it wouldnt matter at all. At this point, it matters quite a lot."

Sweet also said that these types of problems go well beyond Microsofts issues and that true assurance cannot be attained by depending on just one layer of protection.

Its easy to blame one vendor, but its also unrealistic to think that any vendors security QA process can be 100 percent certain. Just as with any other technology, you never know when a security mechanism might fail," Sweet said. Just because the mechanism exists doesnt mean that it is correctly implemented. Multiple layers of properly implemented security are critical. Companies assuming theyve found a ‘silver bullet are betting against very long odds."

About Security Methods Inc.
Security Methods is a leading information systems security provider that has met the protection needs of private industry and government agencies since 1996. Our mission is delivering direct, tangible, and cost-effective results to organizations demanding a higher standard of information security assurance. The companys sole focus is providing specialized automation, skills, and strategies that achieve powerful and sustainable information security.

From its headquarters in Virginias Dulles technology corridor, Security Methods offers security solutions fitting a broad range of financial and operational situations. Our practical approach maximizes existing protection capabilities, expanding them as required through skilled development and integration of information security technologies.

Contact Information:
Communications Department
Security Methods Inc.
11350 Random Hills Road
Suite 800
Fairfax, Virginia 22030

(t) 703-831-4151
(f) 703-637-1148
www.securitymethods.com

###

###
See the original story at: http://www.prweb.com/releases/2005/02/prweb208132.htm
Email this story to a colleague
Printer Friendly Version
Bookmark with del.icio.us
Bookmark with Y!MyWeb
Submit to Digg
Communications Department
Security Methods Inc.
703-831-4151
Email us Here

There are no multimedia files attached to this release. If this is your release you may add images or other multimedia files through your login.
If you have any questions regarding information in these press releases please contact the company listed in the press release. Please do not contact PRWeb. We will be unable to assist you with your inquiry. PRWeb disclaims any content contained in these release. Our complete disclaimer appears here.
 
Disclaimer: If you have any questions regarding information in these press releases please contact the company listed in the press release.
Please do not contact PRWeb®. We will be unable to assist you with your inquiry.
PRWeb® disclaims any content contained in these releases. Our complete disclaimer appears here.

© Copyright 1997-2007, Vocus PRW Holdings, LLC.
Vocus, PRWeb and Publicity Wire are trademarks or registered trademarks of Vocus, Inc. or Vocus PRW Holdings, LLC.

Terms of Service | Privacy Policy | Copyright