Slashdot Mirror


Microsoft Word Security Flaw

JWL-23 writes: "cnn.com is reporting that a Microsoft Word flaw may allow file theft. Furthermore, they plan on not fixing Word 97, leaving millions of users out in the cold. Yet another reason to try OpenOffice.org." It still takes more than running Word to expose the contents of your hard drive though.

10 of 450 comments

  1. isn't it odd by bashbrotha · · Score: 3, Interesting

    that qualcomm (maker of the eudora PIM/email client) was the company that found the bug? not that I like microsoft, but somehow this was a sneaky way to undermine microsoft by releasing to the public such a huge bug.

    I just wonder... did qualcomm try to blackmail microsoft first, before releasing the "scoop" on the bug?

    1. Re:isn't it odd by crm114 · · Score: 2, Interesting

      Far more likely that macrotheft knew all along about this bug (or was it a feature?) and is using this opportunity to 'patch' in something that will render openoffice inoperable.

  2. New backdoor policy. by supabeast! · · Score: 4, Interesting

    I'm not making any accusations *cough*, but does this strike anyone else as a great addition to Microsoft's "fuck them over and make them upgrade" business model? Leave a product full of security flaws, and, years later, when people aren't upgrading to the new version, refuse to fix security flaws in the old versions.

    Refer to:
    http://news.com.com/2100-1001-273276.html
    http://news.com.com/2100-1001-253578.html?legacy=cnet

  3. Re:Obligations to fix flaws by rmadmin · · Score: 4, Interesting

    I'm in the same boat. I definitely couldn't fix security holes in the software I run (especially considering that I'd have to have a fscking HUGE /usr/src partition). Even if I could, I don't know if I would trust the patch since:
    1: I didn't write the software in the first place.
    2: I'm not a full time programmer, I'm an administrator.

  4. this is insane by deander2 · · Score: 3, Interesting

    "Analyst Laura DiDio of the Yankee Group said companies are taking a risk by using such old software..."
    Insane. You know, if Isuzu discovered a fatal flaw in all Rodeos going back through 1997 yet announced they were only going to provide fixes for models '00, '01 and '02 there would be a congressional investigation.

    Completely insane.

  5. perhaps overstating the obvious but... by rob-fu · · Score: 2, Interesting

    what a great way to kick Office XP (or maybe even Office 2000) sales way up. Remember when Office XP came out, and everyone said that there weren't enough new features or incentives to upgrade? Some people reported that they still used Office 97. Well, here's your incentive. Miscellaneous people 'stealing' Word docs.

    It makes me wonder if MS marketing is blowing the bug way out of proportion -- the average user hears 'Word 97 will let people STEAL your documents' and runs down frantically to the local CompUSA and buys a copy (or 2 or 3, depending on how many machines, of course :).

    I haven't seen a proof of concept or anything, but I wonder how serious this bug really is. Just my $0.02 US.

  6. Check this out... by Mustang+Matt · · Score: 5, Interesting

    View some of the past word docs you've received in a hex editor...

    Near the bottom there is often information from other documents of the sender that they were recently working on. I don't know why it saves this. Maybe something to do with the undo buffer?

    At work I used to look at internal memos that would be sent out on a weekly basis and find out all sorts of other stuff that was going on.

    --
    The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin

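
As an added example (not from the comment author, and not anything Microsoft ships), this Python script automates what the comment suggests doing by hand in a hex editor: it scans a document's raw bytes for readable text, in both 8-bit and the UTF-16LE encoding Word 97 uses for body text, and reports any string that is not part of the document the author actually sees on screen, so a file can be checked for leftover fragments before it is sent out. The sample bytes are constructed to mimic a file with a stale fragment; they are not a real Word document.

```python
import re
from typing import List, Tuple


def extract_strings(data: bytes, min_len: int = 8) -> List[Tuple[int, str, str]]:
    """Return (offset, encoding, text) for every printable run in data.

    Word 97 stores most document text as UTF-16LE (each ASCII character is
    followed by a NUL byte) alongside some plain 8-bit strings, so both
    encodings are scanned. Results are sorted by file offset.
    """
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    utf16_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = []
    for m in ascii_re.finditer(data):
        found.append((m.start(), "ascii", m.group().decode("ascii")))
    for m in utf16_re.finditer(data):
        found.append((m.start(), "utf-16le", m.group().decode("utf-16le")))
    return sorted(found)


def unexpected_text(data: bytes, visible_text: str, min_len: int = 8) -> List[str]:
    """Strings in the file that are not part of what the author sees on screen.

    Anything reported here is either application metadata or residue from
    other content and deserves a look before the file leaves the building.
    """
    return [t for _, _, t in extract_strings(data, min_len) if t not in visible_text]


# Constructed sample (not a real .doc): the OLE2 compound-file signature, the
# visible memo body as UTF-16LE, a block that was never cleared and still holds
# a fragment of a different memo, some binary noise, and an 8-bit app string.
VISIBLE = "Weekly status memo: all systems nominal."
SAMPLE_DOC = (
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 24
    + VISIBLE.encode("utf-16le")
    + b"\x00" * 16
    + "CONFIDENTIAL: layoffs planned for Q3, do not forward".encode("utf-16le")
    + b"\x13\x07\xff\xfe" * 6
    + b"Microsoft Word 8.0"
)

if __name__ == "__main__":
    for offset, enc, text in extract_strings(SAMPLE_DOC):
        print(f"{offset:6d} {enc:9s} {text!r}")
    print("unexpected:", unexpected_text(SAMPLE_DOC, VISIBLE))
```

Run it against a real .doc you are about to send; any line in the "unexpected" list that reads like prose from another document is exactly the kind of leak the comment describes.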
  7. Excuse me? by InnereNacht · · Score: 3, Interesting

    "Furthermore, they plan on not fixing Word 97, leaving millions of users out in the cold. Yet another reason to try OpenOffice.org."

    They say that like other companies don't orphan software after 5 years. Programs become obsolete. Are we to ask Adobe to support Photoshop 4 still after it's had (at least) two major releases after it?

  8. Re:Ridiculous by stratjakt · · Score: 5, Interesting

    I'm only coming from personal experience, in particular an experience we had at work with SaMBa.

    We had this paper tiger straight from the "newbie factory" of the local college. We had a task for a particular client, which boiled down to a fileserver with a big shared folder for images (photos).

    So, this kid starts immediately frothing at the mouth about linux and SaMBa. He lied (probably out of ignorance) about how it's completely seamless on a Win2k network. He ranted about how much we'll save by not having to pay to license another copy of Win2k for the client.

    Well, he got the marketing types convinced. Next thing I know, we're (we as in ME, I do the work around here) knee deep in all the kludges, hacks and nonsense involved in getting the SaMBa box to work exactly as we wanted it to, logging onto the Win2k domain, retrieving user lists, faking NTFS security, etc.

    The management, the client, everyone involved became increasingly frustrated.

    Long story short, we pissed away countless man-hours before finally acquiescing and just installing another Win2k pro box, which took all of 5 minutes to configure.

    The kid has since left, and now about 6 months later, I have other projects that scream for the likes of linux, SaMBa, MySQL. No one in this office wants to hear it, and they think I've become some sort of zealot.

    To me, it's just a matter of the right tool for the right job. SaMBa wasn't the right tool for that task, but it is for others. But the frenzied ideology has basically driven it out of this office, at least for the time being.

    It's just an anecdotal example of how one well-meaning zealot can do much more damage than good. It happens to be one of my pet peeves.

    So, in the meantime, I continue to advocate OSS solutions where they're practical. And it's slowly but surely working. I was actually allowed to use a spare pentium box and CoyoteLinux to replace a buggy router in our testing 'bullpen'.

    I guess I don't see OSS as 'a cause'. I try to think through problems logically and practically. Sometimes OSS is a logical, practical solution. Sometimes not. I just hate my options being slowly limited as people in the 'industry' line up on one side of the imaginary fence or the other.

    --
    I don't need no instructions to know how to rock!!!!

  9. Re:Bad Developer, BAD! by netringer · · Score: 3, Interesting

    Rather than penalizing them, this "fixes in current versions only" policy makes it PROFITABLE for the software vendor to write flaws into the code. They are actually better off selling products that have serious problems.

    "Now that we got you hooked and your company has standardized on our product and all of your documents are in our proprietary format...if you want a version that really works (or doesn't possibly expose your data to damage), pay us $200 (a year) for the upgrade!"

    --
    Ever dream you could fly? Get up from the Flight Sim. I Fly