 |
 |
| ActiveWin | Anonymous | Create a User | Reviews | News | Forums | Advertise | VBA in Excel | Users Online: 0 |
|
|
|
|
|
User Controls |
|
New User |
|
Login |
|
Edit/View My Profile |
|
|
|
|
|
|
|
Active Network |
|
ActiveMac |
|
ActiveWin |
|
ActiveXbox |
|
DirectX |
|
Downloads |
|
FAQs |
|
Interviews |
|
MS Games & Hardware |
|
Reviews |
|
Rocky Bytes |
|
Support Center |
|
TopTechTips |
|
Windows 2000 |
|
Windows Me |
|
Windows Server 2003 |
|
Windows Vista |
|
Windows XP |
|
|
|
|
|
|
|
News Centers |
|
Windows/Microsoft |
|
Apple/Mac |
|
Xbox/Xbox 360 |
|
News Search |
|
XML/RSS Newsfeeds |
|
Pocket PC Site |
|
|
|
|
|
|
|
FAQ's |
|
Windows Vista |
|
Windows 98/98 SE |
|
Windows 2000 |
|
Windows Me |
|
Windows Server 2003 |
|
Windows XP |
|
Windows 7 |
|
Windows 8 |
|
Internet Explorer 6 |
|
Internet Explorer 5 |
|
Xbox 360 |
|
Xbox |
|
DirectX |
|
DVD's |
|
|
|
|
|
|
|
Latest Reviews |
|
Xbox/Games |
|
Fable 2 |
|
|
|
Applications |
|
Windows Server 2008 R2 |
|
Windows 7 |
|
Adobe CS5 Master Collection |
|
|
|
Hardware |
|
Microsoft Express Mouse |
|
|
|
|
|
|
|
Latest Interviews |
|
Mike Swanson |
|
|
|
|
|
|
|
Site News/Info |
|
About This Site |
|
Advertise |
|
Affiliates |
|
Contact Us |
|
Default Home Page |
|
Link To Us |
 |
Security Flaw Found in Microsoft Word | |
|
||
| Time: 04:26 EST/09:26 GMT | News Source: PC World | Posted By: Alex Harris | ||
|
Once again Microsoft is facing criticism from security experts, this time for a security flaw found in Microsoft Word. The flaw was publicized when a researcher posted instructions for circumventing a password feature in the popular word processing program. The password feature is designed to protect the content of specific elements of Word documents, such as forms or comments, from reviewers. |
||
|
Read Only Comments Return to News |
Displaying Comments 1 through 6 of 6 |
This is an archived static copy of ActiveWin.com. |
| #1 By 61 (65.32.171.138) at Sunday, January 11, 2004 08:45:33 AM |
|
They say that the password mechanism is to keep people from reading your content. If this is the case, then I'd say the user is at fault, as encrypting it would be a much more secure option.
I, personally, only use the password feature to keep people from editing a document (like, say, if it was on the school network). I guess they are talking about passwording parts of a document, which is, again, inherantly a stupid thing to do if you really don't want people to view your document. |
| #2 By 1845 (67.161.212.73) at Sunday, January 11, 2004 07:43:05 PM |
| I'm not sure why readonly in DOS made a file undeletable. That really doesn't make too much sense. Readonly should deal with the file content, not whether the file exists. IMO. Similar to objects. Some properties are readonly, but that doesn't prevent an object from being destroyed. |
| #3 By 1845 (67.161.212.73) at Monday, January 12, 2004 12:09:48 AM |
| Obviously the Windows folks don't agree with you, since they won't let you alter its content (without removing the readonly attribute), but they will let you delete it. |
| #4 By 61 (65.32.171.138) at Monday, January 12, 2004 11:53:29 AM |
|
But the whole point is you have to actually open the document and change it into a HTML document, then go and open it up in a text editor. Flat out, you can not open up a Word document wich is password protected if you do not have the password. This flaw is not circumventing the main password system used by Word, only if you password protect part of the document.
Which is kind of like blacking out data on a certain classified document, which was reported a couple of months ago, and then someone was able to read it because it simply takes time for the computer to render that area. You need to keep your sensitive information separate from your non-sensitive information. Is there a problem in Word, yes, they should not be able to do this, but is it serious, no. It is only serious if someone is incredibly stupid. |
| #5 By 19992 (164.214.4.61) at Monday, January 12, 2004 12:00:10 PM |
|
sphbeckber -
As I understand it with the password in place over portions of a document you are unable to copy it to another document. Not a major risk to systems, but I have to wonder what this vulnerability (lack of a better term) will do to Microsofts' rep within the corporate world? If I remember correctly IRM was one of the 'compelling reasons' for businesses to move to Office 2K3, and to have it shot down in such a trivial fashion this quickly is certainly going to leave a lot of egg on their faces. |
| #6 By 10022 (24.169.19.69) at Monday, January 12, 2004 07:02:09 PM |
|
... if an attacker has access to your file, it is not your file anymore.
there are much better ways of protecting it. use those! |
