Beware of Trojans, Malware and Attacks Via Mobile

Top 9 Security Threats of 2011

Mobile banking and social networks are expected to pose new security threats in the payments space in 2011. But security experts say those threats won't displace the Zeus botnet, malware attacks and phishing threats, which for years have plagued banking institutions. Fraud attempts will escalate, not diminish, as new threats and channels blossom in 2011.

The top 9 threats of 2011 include:

Mobile Banking Risks

Mobile phones used for banking are on the rise, but mobile security is proving increasingly challenging for banks and credit unions, as controls put in place to protect traditional online banking do not translate well when applied to mobile.

Until recently, functionality for mobile banking was fairly limited. But as mobile application robustness has increased, so, too, have security risks. Mobile malware is an emerging threat, and Zeus attacks, such as Mitmo, aimed at mobile, have already been identified.

RSA security researcher Rivner slightly disagrees. "Mobile banking apps will not be a primary target for fraudsters," he says. Instead, he believes mobile browsing will be more targeted in the coming year, since most mobile users continue to use their online banking sites to conduct banking functions.

For more on the topic, see: Emerging Payments Options Open Doors for Mobile.

Social Networks and Web 2.0

The connection between mobile phones and social media is growing, with Twitter and Facebook apps offered for mobile users. Institutions embracing mobile also are embracing social networking. With more banks on social networks, expect to see more fake sites using social networks, like Twitter and Facebook, to try and trick people into giving up vital personal information, including banking login credentials and Social Security numbers.

But external threats aren't the only risks. Social networking sites are also a venue for an institution's own employees to intentionally or inadvertently expose sensitive information. To mitigate internal risks of data leakage, it's important for organizations to spell out social networking policies to employees. They must know when and how to use social networks in the course of their jobs, as well as what information is/is not appropriate to share.

For more on the topic, see: How to Write a Social Media Policy.

Malware, Botnets and DDoS Attacks

Distributed denial-of-service, or DDoS, attacks, as seen in the wake of the recent WikiLeaks incidents, are likely to increase. In fact, the WikiLeaks-inspired attacks against leading e-commerce sites have fueled interest among fraudsters. Botnet operators now see opportunity for additional income.

Even with the takedown of the Mariposa Botnet earlier this year, banking institutions are expected to face growing challenges in the fight against DDos attacks.

Attacks are also getting more sophisticated. The No. 1 banking-credential-stealing Trojan, Zeus, is used by hundreds of criminal organizations around the world, so "add-ons" are prevalent. This year alone, Zeus has been linked to some $100 million in financial losses worldwide, according to the Federal Bureau of Investigation. Zeus' anonymous programmer, who launched the Trojan in 2007, is likely to come out with a new and improved Zeus variety in 2011. There is a good chance that he will soon emerge with even more powerful ways to steal.

For more on the topic, see: New, Improved Trojans Target Banks.

Phishing

Sophistication in phishing, smishing and vishing attacks also is increasing. Fraudsters now create very polished messaging that targets everything from bank accounts to Amazon accounts. In fact, respondents to the recent Faces of Fraud survey say phishing/vishing attacks rank No. 3 among fraud threats.

To fight these incidents, inroads in consumer education have been made, but the social engineering techniques that have made phishing a success are now trickling down to land-line and mobile phones. Phishing will be used as a general purpose tool that leverages a recognized brand, but doesn't try to attack them directly. Nonetheless, the damage to the brand's reputation (in the eyes of the victimized consumers) could be costly.

For more on the topic, see: Phishing Attacks on the Rise.

ACH Fraud: Corporate Account Takeover

In 2010, ACH fraud resulting in corporate account takeovers saw a dramatic increase and made for some of the year's most compelling reading. We witnessed banks suing customers and customers suing banks over the responsibility for fraud incidents and losses.

In 2011, commercial banking attacks are expected to rise, experts say, especially as man-in-middle or man-in-the-browser, also known as MitB, schemes increase.

MitB attacks targeting two-factor authentication intensified in 2010, requiring commercial banks to deploy additional lines of defense, such as out-of-band authentication, desktop hardening and anti-Trojan services. As the MitB attacks get easier, less sophisticated criminals are expected to target consumer accounts, too, despite smaller returns.

For more on the topic, see: ACH Fraud: 1 Year Later.

Cloud Computing

Cloud computing is touted for its ability to curb fraud, but fraudsters are working overtime to create new threats in what Rivner calls "the Dark Cloud." He predicts fraudsters will hone their ability to exploit new and yet-unknown cloud vulnerabilities. Rivner says institutions can expect in 2011 to see cloud-targeted Trojans, like Qakbot, that focus on a geographic region and/or specific banking sectors.

Cloud computing, in particular, is thought to be failsafe. People sometimes think there is no hardware involved ... and, as a result, it will never fail. So it's one thing to keep in mind: Cloud computing is not limitless. Every cloud has its own boundaries.

Inside Attacks

Malicious attacks or hacks are often launched inside an organization by a disgruntled employee. But the inside threat also may be posed by an outside person who uses false credentials to pose as an insider to illegally gain access to internal servers and systems.

The problem: companies and financial institutions have not properly limited access to databases and files that contain sensitive information.

WikiLeaks serves as a prime example of how insider threats can pose significant security risks. The controversy brewed when an Army private allegedly accessed and downloaded classified information that he later sent to WikiLeaks. Though the private had some security clearance, he did not necessarily have authorization to access and download the classified files he leaked.

It's often all too easy for employees to illegally grab sensitive information. "It's the little things that lead to most internal compromises, like walking away from your desk and not locking your screen. Internal fraud is still one of the biggest issues in financial services, especially since the embezzlement of funds and the compromise of consumer financial information is so tempting.

As RSA's Rivner points out, the challenges posed by outsiders are just as alarming, since many take aim at government and bank employees. Noting Operation Aurora as an example, Rivner says insiders can unknowingly pose threats, especially when they are targeted by sophisticated hackers.

For more on the topic, see: Most Breaches Caused by Crime Gangs.

First-Party Fraud

First-party fraud continues to pose security challenges. Also known as "advances fraud," "bust out fraud," "application fraud," "friendly fraud" and "sleeper fraud," first-party crime typically involves a customer applying for and accepting credit with no intention of repayment.

First-party fraud applicants can use synthetic identification or misrepresent their real identities.
The British Bankers Association estimates between 10 percent and 15 percent of bad debt losses may result from first-party fraud. Specialized criminal gangs now target financial institutions with counterfeit identification and advanced knowledge of lending practices. Once an identity is established, the fraudster builds credit and applies for multiple financial products.

For more on the topic, see: 'Watch the Lower Lip!' - Using Facial Expressions to Detect Fraud.

Skimming

In 2010, card skimming of all types took off, including traditional ATM skimming and new incidents at merchant point-of-sale systems and self-service gasoline pumps. Even though skimming incidents are localized, they represent a growing problem. The advent of ATM "blitz" or "flash" attacks reveals growing sophistication and coordination among counterfeit-card operations. Blitz or flash attacks involve the simultaneous withdrawal of funds from multiple ATMs in different locations, sometimes scattered throughout the world.

Flash attacks will pose increasing challenges, since they "fly under the radar" of most fraud-detection systems. Banks can stop it if they can figure out the point of compromise, but many have a hard time doing that with current fraud-detection solutions.

Fraudsters throughout the world rely more on wireless communications to transmit skimmed card data. Improving awareness is important and the PCI PED standard is addressing some of the global card skimming trends we are seeing.

Stronger cardholder authentication through contactless radio-frequency identification payments or contact chip technology such as EMV could address some of these emerging fraud concerns. Anything beyond better authentication would involve changing the whole infrastructure.

What is network Scanning?

Examine your Network With Nmap

Network scanning is an important part of network security that any system administrator must be comfortable with. Network scanning usally consists of a port scanner and vulnerability scanner.

Port scanner is a software that was designed to probe a server or host for open ports. This is often used by administrators to verify security policies of their networks and can be used by an attacker to identify running services on a host with the view to compromise it. A port scan sends client requests to a server port addresses on a host for finding an active port. The design and operation of the Internet is based on TCP/IP. A port can have some behavior like below:

• Open or Accepted: The host sent a reply indicating that a service is listening on the port.
• Closed or Denied or Not Listening: The host sent a reply indicating that connections will be denied to the port.
• Filtered, Dropped or Blocked: There was no reply from the host.

Port scanning has several types such as: TCP scanning, SYN scanning, UDP scanning, ACK scanning, Window scanning, FIN scanning, X-mas, Protocol scan, Proxy scan, Idle scan, CatSCAN, ICMP scan.

TCP scanning

The simplest port scanners use the operating system’s network functions and is generally the next option to go to when SYN is not a feasible option.

SYN scanning

SYN scan is another form of TCP scanning. Rather than use the operating system’s network functions, the port scanner generates raw IP packets itself, and monitors for responses. This scan type is also known as halfopen scanning, because it never actually opens a full TCP connection.

UDP scanning

UDP is a connectionless protocol so there is no equivalent to a TCP SYN packet. If a UDP packet is sent to a port that is not open, the system will respond with an ICMP port unreachable message. If a port is blocked by a firewall, this method will falsely report that the port is open. If the port unreachable message is blocked, all ports will appear open.

ACK scanning

This kind of scan does not exactly determine whether the port is open or closed, but whether the port is filtered or unfiltered. This kind of scan can be good when attempting to probe for the existence of a firewall and its rule sets.

FIN scanning

Usually, firewalls are blocking packets in the form of SYN packets. FIN packets are able to pass by firewalls with no modification to its purpose. Closed ports reply to a FIN packet with the appropriate RST packet, whereas open ports ignore the packet on hand.

Nmap support large number of this scanning. A vulnerability scanner is a computer program designed to assess computers, computer systems, networks or applications for weaknesses. It is important that the network administrator is familiar with these methods.

There are many types of software for scanning networks, some of this software is free and some are not, at Sectools you can find list of this software. The significant point about Nmap (Network Mapper) is Free and Open Source. Nmap is a security scanner originally written by Gordon Lyon (also known by his pseudonym Fyodor Vaskovich) for discover hosts and services on a computer network. Nmap runs on Linux, Microsoft Windows, Solaris, HP-UX and BSD variants (including Mac OS X), and also on AmigaOS and SGI IRIX.

Nmap includes the following features:

• Host Discovery
• Port Scanning
• Version Detection
• OS Detection
• Scriptable interaction with the target

Nmap Works in two modes, in command line mode and GUI mode. Graphic version of Nmap is known as Zenmap. Official GUI for Nmap versions 2.2 to 4.22 are known as NmapFE, originally written by Zach Smith. For Nmap 4.50, NmapFE was replaced with Zenmap, a new graphical user interface based on UMIT, developed by Adriano Monteiro Marques. Working with Zenmap is easy and have a good environment for work.

How to surf web anonymously with TOR

We all many times use proxies for staying anonymous on internet. Lets quickly check out , what we are actually doing while using proxies. We first connect to a proxy server which brings resources requested by us from the web server.

    
Thus a proxy server hides our identity by acting as an intermediary between us and the web server that we are accessing. Suppose we break into a server using aproxy server thinking that we are anonymous. But what if owner of web server starts enquiring about the clients connecting to it using the proxy server  and it is possible that owners of proxy server might  reveal our identity. This means we cant actually rely on proxy servers for being anonymous online. Here comes the concept of THE ONION ROUTING (TOR) into picture. By using this , the client traffic is supposed to be passed from three different servers or nodes before reaching to actual web server. It may randomly take any path through any three nodes.

Lets consider it has taken path shown by green arrows. Now

* Node 1 knows only actual origin(client) but not actual destinantion(web server).
*Node 5 neither knows actual origin nor actual destinantion.
*Node 9 knows actual destination but not actual origin.

Thus no one exactly knows which client is accessing which web server. So it is highly anonymous.

Installing and Using TOR:

Step 1. Download the TOR client from the given link and run the setup .
   
http://www.ziddu.com/download/12331095/vidalia-bundle-0.2.1.26-0.2.10-1.exe.html

Note: You need to install a Mozilla firefox add on which is included in package you have downloaded to use Tor.

                                          
Step 2. Open the 'Vidalia Control Panel' from the task bar and Click on 'Start Tor'.

                         
Step3. Now open Mozilla Firefox browser, single click on red highlighted 'Tor Disabled' on right corner of browser and it will turn to green highlighted 'Tor Enabled'.

Now just log on to 'www.whatismyip.com' and you will see your new public IP address that will keep changing after an interval of time according to the path randomly taken by web traffic through three different nodes.

Office 15 Details Revealed: Possible New UI, Office Mobile 15, Release Date Implication, and More

Goodbye Office 2010; hello Office 15! After some extensive (see: exhaustive) research, I’ve unearthed enough to confidently say that Office 15 planning is not only under way, but thriving as well. Amongst all the information are implications as to when Microsoft aims for its release, some of what Microsoft is specifically focusing on in their plans, mentions of specific Office 15 applications, services, and more! Follow along as I take you from the earliest mentions of Office 15 back in September 2009 up through to the very latest of what’s floating around from job postings, employee profiles, documents, and more. If you don’t feel like delving into the whole post, I’ve summarized the key points at the bottom of the post for quick review.

It’s Official: Office 15, the Codename

Beginning with a bit of history, I’ve been keeping my eye on Office 15 since September 2009 when I first noticed what seemed to be an employee referring to the next version of Office as “Office 15″ and “Office 2013.” A couple of months afterwords, I made note of a program manager mentioning Office 15 in an interview on Microsoft’s website. Shortly thereafter, references were also being discovered by MJ Foley and others. Fast-forward 6 months and now there are job postings on Microsoft’s Careers website that specifically reference “Office 15″ in various contexts which I will be referencing shortly.

Additionally, residing on Microsoft’s download servers is a PDF document by a company named Basex who makes mention of Office 15. Though in its own right, that doesn’t say much since any random company could simply reference “Office 15″ from what they’ve read elsewhere, the fact that the document is being served on Microsoft’s download servers lends a little more to its credibility:

Now, I know some of you are saying, “alright, already — it’s called “Office 15,” geez.” The reason I’m being so thorough is that an impending codename is never guaranteed (as we learned with “Office 13“) and I would rather err on the side of too much information to state my case than not enough. And for those of you who still aren’t sold, don’t worry; much more “Office 15″ referencing is on the way.

Release Date Implication: Office 15, a.k.a. Office 2013

Along with my previous mention of what appeared to be an employee referencing the next version of Officeas “Office 2013,” I’ve now found a similar reference from the following job profile of Microsoft employee Adam Callens courtesy of LinkedIn:

Directly engaged IT Pros to understand pain points and opinions of trending technology and drove their concerns directly into our planning pillars for Office 2013.

Basically, the key (and ridiculously obvious) takeaway here is the year Microsoft aims to release Office 15: 2013. With Windows 8 rumored to wrap up between late-2011 and sometime in 2012, that would potentially position the release of Office 2013 within a similar cadence to Office 2010, where Office 2010 was released well-after Windows 7 as opposed to alongside it as was Office 2007 with Windows Vista.

Office 15: Goodbye Ribbon UI?

This is mere speculation on my behalf, but the following found on Microsoft employee Josh Leong’sLinkedIn profile provides a vague-yet-enticing user experience mention that gets me thinking on the track of if Microsoft is going to simply refine the Ribbon UI as they did with Office 2010, or if they’re going to opt for something completely different:

Designing the new visual & interaction experience for Office 15.

The Ribbon UI is highly-touted in Microsoft’s products since its implementation in Office 2007. It has been carried through to much of Windows 7′s OOTB applications like MS Paint, Calculator, WordPad, and more recently, refined in Office 2010. Personally, I’m not so willing to bet that it will be done away with in place of something drastically different by the Office 15 time frame. I feel as though Microsoft will see to getting as much mileage as they can out of the Ribbon UI. Having a look at Josh’s personal page, it appears he does some pretty forward-thinking concepts (which probably don’t include the Ribbon UI), so I’ll certainly be paying close attention to any work on that front.

Office Mobile 15

Remember the job postings on the Microsoft Careers website I said I would be referencing? You guessed it; now is that time! Here, we have two job postings seeking to fulfill different positions on the same Office team. Both ads make reference to the Office Mobile suite and hint at additional functionality being planned for Office 15. Clearly not going anywhere, Microsoft acknowledges the need for Office tools on mobile devices and they’re obviously positioning themselves to meet that need as best they can through the Office 15 time frame (albeit, specifically on their mobile OS platform).

Now is your chance to get in on the ground floor of the Office organization’s newest team. The Office Mobile suite includes Communicator Mobile, Word, PowerPoint, Excel, OneNote, SharePoint, with more applications and capabilities being planned as part of the Office 15 product suite. This unique position involves technical challenges of working across multiple operating systems and devices as well as the chance to work with teams across the company and around the world. Our key focus going forward is designing and developing new end to end Mobile Office scenarios that greatly improve mobile meetings, productivity, and document management. All while taking advantage of the greater computing power, networking, memory, screen & touch, and GPS capabilities on next generation mobile computing platforms.

Source 01: https://careers.microsoft.com/JobDetails.aspx?jid=16832
Source 02: https://careers.microsoft.com/JobDetails.aspx?jid=16684

Outlook 15, Access 15, SharePoint 15, and Excel 15 Services Planning

Now to touch on some vaguely-mentioned specifics that are planned for Office 15 inclusion, I’ll begin with another job ad located on the Microsoft Careers site. This time, we see the Outlook team seeking a candidate to help impact the Outlook 15 release:

Outlook is currently in the process planning for Office 15. Right now is an excellent time to utilize your passion for engineering, contribute in the strategy and have a major impact on what Outlook does for the next release.

Source: https://careers.microsoft.com/JobDetails.aspx?jid=17753

Up next, the following Microsoft employee’s LinkedIn profile contains a mission statement-of-sorts for their part in Office 15 planning. Receiving shout-outs are Access 15, SharePoint 15, and Excel 15. At the very least, it’s safe to assume that those applications/services are being considered for inclusion in Office 15. Have a look:

Office 15 Planning (Feb 2010 – present): Initial planning of user session management in Access Services 15.
• Identifying load balancing and session management requirements for Access Services 15;
• Investigating existing features for this purpose in SharePoint and Excel Services;
• Deep understanding of the existing implementation in Excel Services;
• A final set of suggestions on planning the implementation.

Excel 15 to Contain a “Major New Feature”

An employee by the name of Ben Gable has a rather interesting mention in his LinkedIn profile. Having completed a 12-week internship in the Office Excel group, he apparently has quite an offering to be unveiled in Office 15 (specifically, Excel 15). Who knows as of yet what that could possibly be, but it certainly sounds exciting. Here’s a snippet from his listed experience:

• Designed major new feature to be introduced in Office 15
• Wrote 80-page spec
• Managed tight deadlines
• Led technical team to plan implementation
• Held Office-wide review meetings
• Consulted with international Excel clients in financial services
• Coordinated with Product Research to hone feature design for the needs of world-wide Excel clients.
• Led usability testing. Created demos and mock-ups for usability tests. Analyzed data and presented findings. Used testing results to validate design decisions.
• Completed project 2 weeks ahead of schedule

Word 15: Taking Collaboration and Communication to the Next Level with Coauthoring

While browsing through recent interviews that populate the Microsoft Press Pass website, Microsoft Word program manager Jonathan Bailor answered some questions in regards to Office 2010. At the end of the interview, he was asked, “What’s next for you at Microsoft?” His answer sheds a bit of light of what may well be a major focus for Word 15:

In Office 15, we’d love to take collaboration and communication to the next level. We’ve unlocked all of these new ways to work and a new set of expectations from users, and we’re like, “Put us back in the ring; we’re ready for round two.” Until coauthoring a document is as easy and ubiquitous as e-mail attachments, our job isn’t done.

Customer Management and Relationship Marketing

If you keep up with Microsoft as a business (as opposed to just using their products), you’re probably familiar with the emphasis they place on their relationships with high-profile customers and partners. Employee Kristin Fitzpatrick’s LinkedIn profile shows that Microsoft is keeping true-to-form by identifying scenarios and key partners, as well as building business cases — all for research and development, planning, and feature request submittal. Detailed below are some of Kristin’s noted areas of work in these early stages of Office 15 development:

• Identified and built business case for in-product Relationship Marketing (RM) areas of investment in Office 15: identified successful examples of in-product RM (that increased usage & SAT) across Microsoft, worked with research vendor to quantify business impact, prioritized top areas of investment, and socialized results (CXM walking deck and Business Perspectives) with Office Product Management.
• Integrated CXM feature requests into Office 15 planning by identifying relevant partners, establishing new relationships, and understanding key milestones and points of engagement.
• Set up process for prioritizing Marketing requests to R&D (Office Online) to ensure feature requests were consistent with overall business strategy and R&D bandwidth.

Personas and Automation

Thanks to the following Microsoft employee’s LinkedIn profile, we learn here that Microsoft is researching and defining personas as well as focusing on upgrading Office’s Automation Framework (which some of you advanced Office users out there should be thrilled to hear). Here’s the profile quote:

CODE COVERAGE DRIVER
- Monitored code coverage for our Automation suite and communicated status to Management.
- Trained the team to use code coverage for effective Automation.
- O15: Came up with a strategy to use code coverage as a product health check and signoff tool forO15 and presented to management.
O15 PROJECTS
- Working with a few PMs to research and define Personas to target for O15.
- Leading the effort to fix our Automation Framework.

Office 15: Everyone Matters

I thought the following mention of Office 15 in the following LinkedIn profile was cute when placed in context of everything else above. This just goes to show that everyone from the top developers, designers, and managers all the way down to the testers and assistants help the planning process to happen as smoothly as possible!

Download data, create spreadsheets and other statistical reports to aid in Office 15 framework.

Conclusion: Key Takeaways

Well, this wraps up everything I’ve dug up thus far. To summarize the key aspects of all the information above, I thought I would culminate a list of key takeaways. Thanks for reading and please do chime in with your comments! In no particular order:

• Office 15 is without a doubt the codename for the next version of Office.
• 2013 appears to be the magic year Microsoft aims to release the next version of Office.
• Office Mobile 15 is at the very least a consideration alongside the planning of Office 15.
• Currently known to be planned for Office 15 inclusion are Outlook 15, Word 15, Access 15, SharePoint 15, and Excel 15.
• Office 15 will sport a new user interface. How drastic of a change it will be is yet to be determine.
• Excel 15 may include a “major new feature” completely new to the Office suite, courtesy of Office 15.
• Improving document coauthoring, a new tool in Office 2010, appears to be a primary focal point for Word 15.
• Target personas are being researched and defined for Office 15 focus.
• Office 15 should see an improved Automation Framework.

Microsoft Office “Limestone” isn’t a new mystery Office “15” application

Bit more detail about ms Office 15..Some is Mentioned here 

Limestone in the traditional sense is a type of sedimentary rock, consisting of layers and layers of “schtuff” mushed together. This is perhaps why the word was chosen for Microsoft’s Office internal scaffolding. The software, which actually leaked under the radar back in Office 14 beta days, appears to have been developed for the purpose of testing each and every layer of the Office suite – ranging from the basics like text formatting to the more complex Ribbon and Backstage UIs. Judging by the screenshots, it’ll never be a consumer facing application or magically integrate anything with everything. It’s simply a fun dev. tool.

(This particular build of Office 14 (14.0.4302.1000) doesn’t uninstall properly, therefore I used an older Windows Vista virtual machine I had lying around for screenshot purposes.)

  

Office 15: What's Microsoft's new mystery application?

As i mentioned before that some one leaked microsoft windows 8 plan  now this time new version of ms office is reveald.

There are reports that a new early build of Microsoft’s Office 15 have escaped the Redmond halls. More interesting than the mere existence of these pre-alpha build, however, is another mention of a new application that will become part of Microsoft’s next-generation Office suite.

Despite the fact Microsoft only began shipping Office 14 (a k a, Office 2010) a couple of months ago, an August 20 Softpedia report (via the Russian website Wzor) claims there’s a new Office 15 build floating around.

Softpedia’s report also includes something near and dear to this Microsoft watcher’s heart: a new codename. “Microsoft Limestone Integration Application” (also known as “Microsoft Lime”) is a new application development element that will be part of Office 15, according to information that allegedly is part of the newly leaked build. (Update: One of my contacts says Lime is just a user-interface utility for Office, and probably not considered a new application in and of itself. Update 2: Microsoft blogger Rafael Rivera agrees and shares a bit more on Lime/Limestone….Nonetheless, it still sounds like there is a new Office 15 app coming. Read on….)

Stephen Chapman noted on his Microsoft Kitchen site, back in early June this year, that there were indications Microsoft was planning to add a new application to its coming Office suite. Chapman connected the dots and discovered a mention of “a major new feature” coming to Office 15 via a LinkedIn profile of a former Microsoft intern. That intern worked on the Excel team.

That’s not a whole lot to go on, but it’s got me thinking Limestone/Limethe new mystery Office 15 application could involve integrating Excel with another technology. Could it be some kind of business-intelligence-related app? Something to do with charting/data visualization? Hmmm

Shoaib Gul , a Microsoft consultant and former Windows blogger, offered a possible (and convincing, in my opinion) guess as to what the new mystery feature might be: “I’d say that the new app is most likely the extension of the co-authoring features of Office Web Apps into a shared desktop runtime. Think about it… why were Groove’s best features missing from the last release? Likely because they were being re-architected into an Azure-based next-gen real-time collaboration platform.”  (McLaws emphasized this is just his own speculation and not based on anything from Microsoft about its Office 15 plans.)

One last point: According to Softpedia/Wzor, Office 15 is planned for delivery in early 2014. I’m skeptical of that date; I’d say 2012 or 2013 is more likely, given the Office team’s typcial two- to three-year development/release schedule (and that group’s tendency to under-promise/over-deliver so as to ship “early,” rather than late).

Microsoft, unsurprisingly, isn’t commenting on anything related to Office 15. “Wave 15 is currently under development, but we have nothing further to share at this time,” a spokesperson said on August 20.

Any guesses of your own as to what kind of new app Microsoft might add to Office 15?

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.