Thursday, December 14, 2006

Oh, What the World Came to: Blocking Word Docs at the Gateway

So, this has been making rounds for a few days already after yet another (and then two more...) 0day in MS Office was discovered, but it got me thinking. The issue is that some orgs (NASA is mentioned here) chose to "block the receipt of Microsoft Word documents coming in to the space agency's core computer network as e-mail attachments" this time.

Would you do this? Or will your business units eat you for lunch and have nothing left for dinner? Now, almost everybody blocks EXE and COM as well as VBS on their gateways and it is seen as a reasonable practice. But DOCs?


Ken Buchanan said...

What do you want to bet that they just blocked files with .doc extensions, and if attackers are smart enough to rename their exploit files to .rtf or .dot they will render this measure useless?

That would make it a big inconvenience for the good guys, and a very slight inconvenience for the bad guys.

Anton Chuvakin said...

Let me think :-) Maybe I won't bet my life on the matter, but I can bet smth almost as big :-) ... I am pretty sure they blocked DOC and didn't think of renamed documents...

Dr Anton Chuvakin