You are viewing an obsolete version of the DU website which is no longer supported by the Administrators. Visit The New DU.
Democratic Underground Latest Greatest Lobby Journals Search Options Help Login

Reply #34: no thanks [View All]

Printer-friendly format Printer-friendly format
Printer-friendly format Email this thread to a friend
Printer-friendly format Bookmark this thread
Home » Discuss » Topic Forums » Election Reform Donate to DU
foo_bar Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Jul-20-08 04:29 AM
Response to Reply #33
34. no thanks
It may be a single malicious user with an axe to grind, and that user may be targeting a very small group of people who just happen to use Microsoft Excel. But whoever it is continues to make security firms like Symantec nervous, as yet another Excel-based document with a malformed image string, dubbed Trojan.Mdropper.Y, has turned up.

As a message on Symantec's security blog stated this morning, the Excel document with the malformed string is capable of dropping two Trojan horse programs onto the victim's computer, both of which are identified as Backdoor.Bias.

Both programs apparently leave open the possibility for remote exploit, but neither Symantec nor Microsoft has provided any details with regard to whether their informant victim's computers have been "phoning home."

This time around, Symantec was much more careful with the phrasing of the new Trojan's description on its blog, cautiously explaining that Trojan.Mdropper.Y was a different document that leveraged the same exploit as with editions prior to "Y," perhaps a little differently than before but not different enough to call this a new vulnerability.

7:42 PM EDT Tue. Mar. 11, 2008

Microsoft (NSDQ:MSFT)'s Patch Tuesday came a day late after a U.S. Computer Emergency Readiness Team advisory warned that a targeted Trojan attack may exploit one of Office Excel's known vulnerabilities.

Altogether, the vulnerabilities can be found in Microsoft Office Excel 2003 Service Pack 2, Microsoft Office Excel Viewer 2003, Office Excel 2002, Office Excel 2000 and Excel 2004 for Mac. However, the vulnerability doesn't affect customers using Office Excel 2007 or Excel 2008 for Mac, or users who have installed Office Excel 2003 Service Pack 3.

Microsoft June 15 confirmed that a new, undocumented flaw in its widely used Excel spreadsheet program was being used in an attack against an unnamed target.

The companys warning comes less than a month after a code-execution hole in Microsoft Word was exploited in what is described as a "super, super targeted attack" against business interests overseas.

The back-to-back zero-day attacks closely resemble each other and suggest that well-organized criminals are conducting corporate espionage using critical flaws purchased from underground hackers. /

I use OpenOffice for my limited spreadsheet needs, but spreadsheets in general aren't suited to database tasks unless the sole design criterion is TIA's learning curve.

Databases also outperform spreadsheets in the area of data integrity. A database can place better controls that restrict data to specific ranges and default values ensuring consistent and correct data. If you keep an inventory, you might want to make sure item types are restricted to things such as "disposable" or "equipment" and a receipt is filed for "equipment" items more than $100. A database can restrict particular data to a list of acceptable values, in this case "equipment" or "disposable," and refuse incorrect data with a detailed error message. Either a database or spreadsheet could have a receipt reminder pop up each time an item more than $100 is entered. Only the database, however, can cross-reference the data to make sure the item is an "equipment" item as well as more than $100 before accepting the entry.

You can consider sticking with your spreadsheet-as-a-database approach if you work with a small number of records; 2,000 or less is a very manageable number. If you regularly create new spreadsheets to keep your information organized, you should probably move to a database application.

Spreadsheets are often temporary pieces of work. Generally, they are used to meet a particular need and then discarded, or used very little. This means that the full rigors of software engineering are often absent from their development. The ease with which an inexperienced user can produce plausible output also tends to militate against the adoption of a more rigorous approach Ray Panko of the University of Hawaii has collected information from both field audits and laboratory experiments in spreadsheet development indicate that spreadsheet errors are fairly common. <...>

Coopers and Lybrand in London cited research showing that over ninety percent of all spreadsheets with more than 150 rows contained at least one significant formula mistake.
In another study, subjects were shown large and small, well- formatted and poorly formatted spreadsheets. Which combination inspired the most user confidence? You guessed it: large, well- formatted ones. Call it the Information Age Effect; with all that rigorous data so beautifully laid out under program control, how can anything possibly be
wrong? <...>

Simple to use
Graphics easier to setup
Easy data duplication
Cell formulas & Calculations

Repeated Data
Data entry
Data validation & Checking
Data sharing / Collaboration
Search and Retrieval
Error Debugging
Upper row limit (65000 for Excel)
Easy data duplication
Formula errors

Printer Friendly | Permalink | Reply | Top

Home » Discuss » Topic Forums » Election Reform Donate to DU

Powered by DCForum+ Version 1.1 Copyright 1997-2002
Software has been extensively modified by the DU administrators

Important Notices: By participating on this discussion board, visitors agree to abide by the rules outlined on our Rules page. Messages posted on the Democratic Underground Discussion Forums are the opinions of the individuals who post them, and do not necessarily represent the opinions of Democratic Underground, LLC.

Home  |  Discussion Forums  |  Journals |  Store  |  Donate

About DU  |  Contact Us  |  Privacy Policy

Got a message for Democratic Underground? Click here to send us a message.

© 2001 - 2011 Democratic Underground, LLC