Home Messages Index
[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index

[News] Microsoft's OOXML a Potential Security Hazard

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Right or wrung with Open XML

,----[ Quote ]
| That is right, as Office 2007 files that contain macros use just another file 
| extention: .docm (Word Microsoft Office Open XML Format Document with Macros 
| Enabled), xlsm, pptm, etc.  
| Right or wrung theory?
| 
| What if the wringer is just a psychological tool to get users to adopt Open 
| XML as a format? A kind of witch doctor trojan to infect your computer with 
| the Open XML format conversion because you are afraid of viruses? Oh, they 
| would never do that. I trust them. And trust is all about security. They know 
| what's best for me and work hard to make my computer more secure and benefit 
| my user experience with Open XML.     
`----

http://www.noooxml.org/forum/t-84857/right-or-wrung-with-open-xml

Rex talked about it not so long ago. Perfect back door mechanism.


Related:

Printer binary and ECMA tries duck and cover

,----[ Quote ]
| In short it means ECMA finds Open XML shall remain an incomplete specified 
| and inconsistent format. Some elements are still (in the spec undocumented) 
| binary. It is hard to understand why DEVMODE structures cannot be transformed 
| to XML for consistency reasons. Ah! "High-fidelity" of course which means 
| everything but in particular that your XML format is a projection of the 
| binary format, also by some referred to as a "dump" of the old legacy format. 
| Even more fidelity is guaranteed when you just take the binary. In wonder why 
| the drafters of the format started this WordprocessingML and didn't add 
| support for the highest fidelity of the doc format inside the open packaging 
| zip container.         
`----

http://www.noooxml.org/forum/t-36122/printer-binary-and-ecma-tries-duck-and-cover


Legacy format FUD

,----[ Quote ]
| From CyberTech Rambler (and Slashdot) comes the news that the Office 2003 
| Service Pack #3 disables (blocks) access to a number of legacy document 
| formats. Details are in this MS support article. Formats so blocked include 
| legacy Lotus 1-2-3 and Corel Quattro Pro formats. Why? According to the 
| Microsoft support article, "By default, these file formats are blocked 
| because they are less secure. They may pose a risk to you.".     
| 
| [...]
| 
| Now it may be entirely possible that these old import filters in Excel are 
| poorly written and poorly maintained and that Microsoft may be trying to 
| reduce the overall security exposure of MS Office by ditching old code that 
| is not strategic for them. But call it that. The MS Office code has the 
| problem. Don't malign the formats. Don't make up some untenable story that 
| DIF format is "less secure" and "may pose a risk for you".     
`----

http://www.robweir.com/blog/2008/01/legacy-format-fud.html


Office 2003 Service Pack Disables Older File Formats

,----[ Quote ]
| In Service Pack 3 for Office 2003, Microsoft disabled support for many older 
| file formats. If you have old Word, Excel, 1-2-3, Quattro, or Corel Draw 
| documents, watch out!   
`----

http://it.slashdot.org/article.pl?sid=08/01/01/137257&from=rss
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAki5+RgACgkQU4xAY3RXLo6geACfWJL09eP6LTN952d7QQfb0ek3
I2MAoIgdn3BUqm2cYtuQa9oNGijojTQM
=wLSB
-----END PGP SIGNATURE-----

[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index