The good news this morning is that I should be receiving the final index for my new book which is coming out in July. Once I approve the index, the book will be off to the printers for publication, at long last. In the meantime, I have also started the quest on my new book, which deals with Cyber terrorism, Cloud Infrastructure, and the AWS.
I have already started to write Chapter 1, and in it I have talked about the evolution to the Cloud by first “talking” about the history of the mainframes, the PC, and wireless networks. After all, they all did have an impact on the formation of the Cloud.
In it, I also have “talked” briefly about the history of the Microsoft Office, which we all know includes Word, PowerPoint, and Excel (there are probably even more than this, but this is all I use, primarily Word for my writing projects). These software packages are no doubt used worldwide, and are also of the prime vehicles that are used by the Cyber attacker.
They are used mostly in Phishing e-mails, where you are coaxed to download a file (such as .XLS, .DOC, and .PPT) which actually contains malicious code. Once you download that file and open it, your computer will more than likely be infected by a Trojan Horse virus, and you probably will never be aware of it. This is the “backdoor” for the Cyber attacker, in which they can covertly get access to your usernames and passwords.
However, Java Script has also been the source for other forms of Cyber attacks, and when you couple that already with the security vulnerabilities that are already found in Excel, well, you get the recipe for a big disaster. In fact, this was demonstrated by Security researcher Charles Dardaman how this can be done.
Also, keep in mind that any Java Script functionality has to connect to some sort of external server, because a web page is involved somewhere in the process. Before this connection can be made, Microsoft will ask the end user if they want to connect to that particular server or not. So, this is yet another fail safe that has been implemented. Because of this, it has been deemed by security professionals that this Java Script functionality does not pose too much of a threat today, unless of course, a Cyber attacker has found a way to automate this entire process in the background.
Remember, always stay safe by downloading the appropriate software patches and upgrades (especially if you are using the desktop version of Excel), or use the Office 365 version. Since this one is Cloud based, it will probably be kept up to date automatically.