Do you open everything that comes your way? Maybe you should think twice

Yesterday the Internet Storm Center (http://isc.sans.org) noted in the handler's diary that:

"Quite frequently users will open many files which have traditionally been treated as 'safe', many new vulnerabilities are highlighting the fact that files from an untrusted source should never be opened. Several exploits are currently in the wild for Adobe Acrobat (PDF), Winzip (ZIP), Microsoft Compressed Folders(ZIP), and many other products. "
The point came up because there is a new WINZIP vulnerability "in the wild" and while they're noting that there is no current worm that is propagating through it, the future will likely bring one so we should deal with the problem now.

The point they make is that nobody should open any attachment unless they are expecting it from someone they know - a sentiment that I heartily endorse.

If you are at all interested in what is going on daily in the way of security threats, I highly recommend this (ISC.SANS.ORG) site.

------------------------------

Another interesting tidbit is the story of a work-at-home person's wife receiving a call from a purported employee of the local phone company's ISP department selling some software that "enhances the internal network security" of their home systems. Since her hubby was not home, she called her brother-in-law who worked for the same company here husband works for - and found out there is no such software...

This is an example of "social engineering" where it appears the intention was to gain access to the physical systems long enough to install some nefarious program - a keystroke logger or other monitoring program for instance.

Always check and authenticate anyone you let access your computer systems (or your home for that matter) in the same way you hopefully authenticate anyone who wants access to your business premises for similar reasons.