Charles Simonyi is leaving Microsoft
“NYT” story
He’s going to set up a company which will develop tools to make programming easier. And with special concessions from his former employer about the IP he generated while working for/with Billg.
Bruce Schneier on the vulnerability of Word 97
“Here’s the vulnerability. Alice sends Bob a Word document. Bob edits it and sends it back. Unbeknownst to Bob, the document he sends back can contain any file on his computer. All Alice has to know is the file’s pathname.
To make the vulnerability work, Alice embeds a particular code in the Word document she sends Alice. When Bob opens the document, Word scarfs up the file off his hard drive and embeds it into the Word document. Bob can’t see this happening, and he has no way of knowing it has happened. If he looks at the document in Notepad, though, he can see the snooped file. Then, when Bob saves the document, the file becomes part of the saved document. He sends it back to Alice, and she has successfully stolen the file.
This attack works with any file on Bob’s computer, and any file on another server that Bob currently has access to. It’s not a macro, so turning off macros doesn’t help. It’s not a piece of malware that an antivirus program will catch. It’s just a feature of Word 97 being used in a novel way. And Alice can embed hundreds of these codes into the Word document she sends Bob, so if she doesn’t know the exact filename she can make lots of guesses.
This is an enormous security hole, and one that the user is simply unable to close. All Bob can do is 1) refuse to return Word 97 documents he edits, or 2) manually examine them all in Notepad or WordPad.
Another Microsoft vulnerability…so what? There are hundreds of these a year. Why bother writing about it?
To me, the interesting aspect of this is that Microsoft is no longer supporting Word 97. This means the company has an interesting choice: they can patch the vulnerability, or they can demand that users upgrade to the latest version of Word. Doing the latter is sleazy, but it’s in Microsoft’s best interest for people to upgrade. They might think of this simply as added incentive.
We’re seeing more and more of this: vulnerabilities in products that are no longer supported. When the SNMP vulnerabilities were published earlier this year, many products with the vulnerability were no longer supported. Some were made by companies no longer in business.
I first read about this vulnerability in an e-mail newsletter called “Woody’s Office Watch.” Alex Gantman reported the Word 97 vulnerability on Bugtraq, and Woody Leonhard claims that he has discovered similar vulnerabilities in Word 2000 and Word 2002. He’s keeping them quiet for a while, giving Microsoft a chance to fix them.”
Links:
http://online.securityfocus.com/archive/1/289268
http://www.woodyswatch.com/office/archtemplate.asp?v7-n42
http://news.yahoo.com/news?tmpl=story2&ncid=1209&e=4&u=/nm/20020913/wr_nm/tech_microsoft_word_dc&sid=95573713
http://makeashorterlink.com/?Z2C1218C1
En passant, this also illustrates why closed source software is such a nuisance. Nobody can fix this except Microsoft.
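Schneier's only advice to Bob is to open every returned document in Notepad and look for smuggled content. As an added example (not from Schneier's piece or the Bugtraq post), the script below automates that look: it scans a .doc's raw bytes, in both 8-bit and UTF-16LE text, for file-inclusion fields and reports the paths they name. The field names INCLUDETEXT and INCLUDEPICTURE are my assumption, since the page does not say which Word feature is abused.

```python
import re

# Word field codes that pull another file's contents into a document.
# Assumption: the page does not name the Word 97 feature; these are the
# standard file-inclusion fields, and the scanner flags any use of them.
INCLUDE_FIELDS = ("INCLUDETEXT", "INCLUDEPICTURE")

# Field name, whitespace, then a quoted path or a bare token; switches such
# as \c come after further whitespace and are not captured.
_FIELD_RE = re.compile(
    r"(" + "|".join(INCLUDE_FIELDS) + r')\s+(?:"([^"]+)"|(\S+))', re.IGNORECASE
)

def _text_views(data):
    # Binary .doc files mix 8-bit and UTF-16LE text, so decode both ways
    # (UTF-16 at each byte alignment) instead of parsing the OLE container.
    views = [data.decode("latin-1")]
    for offset in (0, 1):
        chunk = data[offset:]
        views.append(chunk[: len(chunk) & ~1].decode("utf-16-le", errors="ignore"))
    return views

def find_include_fields(data):
    """Return (FIELD, path) pairs for every file-inclusion field in the bytes."""
    found = []
    for text in _text_views(data):
        for m in _FIELD_RE.finditer(text):
            pair = (m.group(1).upper(), m.group(2) or m.group(3))
            if pair not in found:
                found.append(pair)
    return found

def looks_like_local_path(path):
    """Drive letters, UNC shares and relative paths are read from the recipient's
    machine or a server it can reach; only http(s) URLs are clearly remote."""
    return not path.lower().startswith(("http://", "https://"))

def scan(data):
    """Human-readable findings: the automated form of the Notepad inspection."""
    return [f"{field} pulls in {path}"
            for field, path in find_include_fields(data) if looks_like_local_path(path)]

# Constructed sample: an 8-bit field and a UTF-16LE field amid filler bytes.
SAMPLE = (
    b"\xd0\xcf\x11\xe0 filler "
    + rb'INCLUDETEXT "C:\\Users\\bob\\secret.txt" \c Text'
    + b" more filler "
    + r'INCLUDEPICTURE "\\\\server\\share\\plan.bmp" \d'.encode("utf-16-le")
    + b" tail"
)
```

Run `scan()` over each document before sending it back; a non-empty result is exactly the case Schneier describes, a document that will read a file off the sender's machine when opened.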
Four-year PC upgrade pattern now “established”, according to market research?
Good news for Open Source if true. See The Register story.
Researching Open Source: interesting workshop
It’s being held in Brussels on October 14.
Guess what? Bruce Perens (HP’s Linux evangelist) has been fired. Now I wonder why
“NYT” report.
“According to Mr. Perens, a handful of forces combined to make his exit from Hewlett-Packard inevitable. After it bought Compaq this year, the combined company became the largest single buyer of Windows for personal computers and data-serving computers, and thus more dependent on Microsoft. A rising threat to Microsoft is GNU Linux, an operating system distributed free and developed using the open-source model in which communities of programmers donate their labor to debug, modify and otherwise improve the code.
After the merger with Compaq, Hewlett also became the largest vendor of Linux-based server computers, ahead of Dell Computer and I.B.M. Yet Hewlett’s bet on Linux still pales compared with its reliance on Microsoft. And after the merger, it was mainly former Compaq executives who took senior positions overseeing the Linux business.”
Stafford Beer has died
Larger-than-life figure from the early days of my professional life (as a Systems academic). Nice obituary by Dick Martin and Jonathan Rosenhead.
Useful briefing on TCPA
From Reuters.
Hollywood vs. Silicon Valley: a definitive journalistic account of the history of the piracy issue
Very good, detailed National Journal piece, with lots of the Congressional fine detail. Very useful as an introduction for students.
MicroBSD
“MicroBSDs are stripped down hardened secure version builds. The concept for MicroBSD is a hardened secure Posix1e small footprint OS for x86 (NOW), Alpha/Sun/PPC (Soon) (or other) hardware to use as little hard disk space as possible yet provide fully functional Systems. Based on a complete server model, builds for Firewall/IDS/VPN (NOW). SMTP/WWW/DNS/FTP (Soon) and other combinations will be developed over time. Systems features address all aspects of security. These builds are designed to take the work out of building secured network environments with specific features unique to each one. Basically a Secured manageable system build designed to do specific tasks.” [More…]