Re: Microsoft Insecurity...

[cjv () RBMI ORG (Courteney van den Berg)]

This is an OLE structured storage problem, not a Microsoft application
problem (although very few non-Microsoft apps use OLE structured
storage).  It was fixed on Windows95 a long time ago by an OLE patch
(see MS KB article Q139432).  Microsoft need a kick in the pants for
leaving such an old bug in their latest release of MAC OLE though.  I
guess the MAC OLE source is probably based on an ancient version of the
PC OLE code.

CJ van den Berg
Computer Information Systems Department
CfaN
cjv () cfan org

> -----Original Message-----
> From: Mike [mailto:mike () WOWDX NET]
> Subject: Microsoft Insecurity...
>
> Well!  After an overwhelming response from everyone, just a
> summery of the
> conclusions:
>
> 1.  This is a Microsoft Application problem, from Word,
> excel, etc from way
> back as far as Word 2.0
>
> 2.  This has been reported before to Microsoft, without any kind of
> response or patch, etc
>
> 3.  The problem is that the Microsoft Applications take RAM or Buffer
> blocks to fill out application files - reading plaintext, etc,
> indiscriminately.
>
> 4.  Suggestions to turn off the 'Fast Save' option help, but
> do not by any
> means eliminate the problem.
>
> 5.  There is no other Fix - other than not attaching an application
> document to send to anyone who could possibly use it maliciously.
>
> 6.  I think I have heard the opinions from everyone EXCEPT any sort of
> Microsoft rep, surprised?
>
> 7.  It would be a simple fix of encrypting the 'fill'
> information with a
> simple MD5 encryption or something similar, just to eliminate
> any plaintext.
>
> Thanks to everyone for their suggestions and information....
>
> Cheers
>
> Mike