Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Word Security Flaw

Posted by timothy on from the remember-word-viruses-fondly dept.

JWL-23 writes: "cnn.com is reporting that a Microsoft Word flaw may allow file theft. Furthermore, they plan on not fixing Word 97, leaving millions of users out in the cold. Yet another reason to try OpenOffice.org." It still takes more than running Word to expose the contents of your hard drive though.

2 of 450 comments (clear)

  1. Check this out... by Mustang+Matt · · Score: 5, Interesting

    View some of the past word docs you've received in a hex editor...

    Near the bottom there is often information from other documents of the sender that they were recently working on. I don't know why it saves this. Maybe something to do with the undo buffer?

    At work I used to look at internal memos that would be sent out on a weekly basis and find out all sorts of other stuff that was going on.

    --
    The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin
  2. Re:Ridiculous by stratjakt · · Score: 5, Interesting

    I'm only coming from personal experience, in particular an experience we had at work with SaMBa.

    We had this paper tiger straight from the "newbie factory" of the local college. We had a task for a particular client, which boiled down to a fileserver with a big shared folder for images (photos).

    So, this kid starts immediately frothing at the mouth about linux and SaMBa. He lied (probably out of ignorance) about how it's completely seamless on a Win2k network. He ranted about how much we'll save by not having to pay to liscense another copy of Win2k for the client.

    Well, he got the marketing types convinced. Next thing I know, we're (we as in ME, I do the work around here) knee deep in all the kludges, hacks and nonsense involved in getting the SaMBa box to work exactly as we wanted it to, logging onto the Win2k domain, retrieving user lists, faking NTFS security, etc.

    The management, the client, everyone involved became increasingly frustrated.

    Long story short, we pissed away countless man-hours before finally acquiescing and just installing another Win2k pro box, which took all of 5 minutes to configure.

    The kid has since left, and now about 6 months later, I have other projects that scream for the likes of linux, SaMBa, MySQL. Noone in this office wants to hear it, and think I've become some sort of zealot.

    To me, it's just a matter of the right tool for the right job. SaMBa wasn't the right tool for that task, but it is for others. But the frenzied ideology has basically driven it out of this office, at least for the time being.

    It's just an anecdotal example of how one well-meaning zealot can do much more damage than good. It happens to be one of my pet peeves.

    So, in the meantime, I continue to advocate OSS solutions where they're practical. And its slowly but surely working. I was actually allowed to use a spare pentium box and CoyoteLinux to replace a buggy router in our testing 'bullpen'.

    I guess I don't see OSS as 'a cause'. I try to think through problems logically and practically. Sometimes OSS is a logical, practical solution. Sometimes not. I just hate my options being slowly limited as people in the 'industry' line up on one side of the imaginary fence of the other.

    --
    I don't need no instructions to know how to rock!!!!