Being an ethical hacker for 10+ years usually raised a few eyebrows when answering the ‘what do you do for a living’ question. People have a genuine interest in what’s seen as a secretive and bizarre cyber world. During these conversations it seems most computer literate people are now fully aware of Anti-Virus and Firewalls and the need for security software but are completely unaware of some of the latest and most sophisticated nasties.

Local attacks as I’ll categorise these nasties are vulnerabilities within software packages such as Microsoft Office, Adobe PDF reader and Flash player. We first saw these being used to target specific individuals in powerful and influential positions but are now being used for widespread use.

Simply by opening a hackers Word or PDF document for example you could give them full access to your beloved laptop. This principle also stands if you browse a website with an exploit written into the code. I have some great examples of these nasties downloaded from the Internet or created with a hacking/exploit toolkit which is readily available on the web called Metasploit. Anti-virus software will generally not touch these files and often gets disabled when they execute their payload.

No single software package can protect against these issue now matter what the vendors would have you believe.

Just be aware next time you open document from an unknown source or browse an erhhh non-corporate Internet site you might leave yourself open for attack.