Slashdot Mirror
Microsoft Word Forms Passwords Hacked
An anonymous reader notes: "SecurityFocus has published a hack that can be used to unlock Microsoft Word documents that have been password protected. The 'secure' file can easily be edited and the original password re-inserted, removing any trace of the modification. A ZDNet UK article says Dell uses password protected Word files to send quotes, which could make for a messy legal battle." This feature, known as 'Password to Modify', is not the password protection on the document itself, just the protection that restricts unauthorized editing of the file. This hack allows someone to download such a file, edit it, and restore the password...effectively allowing changes to the file to go potentially unnoticed.
Come to think of it, I can't think of a real position where this could be a problem. What would someone do, host protected
Etiquette is etiquette. He kills his mother but he can't wear grey trousers.
Another case of "if you build it I'll break it"
Anything built by man can be cracked by man.
DRM is useless bloatware.
The real solution is a digital signature. Anyone to whom that is not obvious shouldn't be putting security measures in commercial products.
Patrick Doyle
I mod down every jackass who puts his moderation policy in his sig. Oh, wait a sec....
The fact that it can't determine your actual password is a good thing. Not for the security of that particular document, obviously, but for the security of other things you may have used the same password for.
This could become a very large legal problem for Word users that rely on this type of protection to (legally) prove that files have not been tampered with (think FDA submissions for pharmacuticals).
I see this being a larger problem in the future, when MS Office DRM is used on most files assuming that these files will follow the orderes encoded into their DRM. Imagine a file that is supposed to self-destruct in 10 months as part of a document retention lifecycle. Two years from now, a tape backup of that file is subpoenad and the DRM is hacked so that the file is openable, leaving said company liable for its contents previously thought destroyed.
I don't mean to rag on Microsoft or its protection schemes, more on those who use these weak means as a method of security in their infrastructure. A good server-based file protection model will always trump a good in-file-based protection model.
__________
Love conquers all... except CANCER
I saw a good point the other day that US export laws on cryptography were fairly stupid when you consider that other countries have the skills/intelligence to develop strong cryptography outside the US in the first place. For example, RSA was originally developed in the UK.
> OK, I'm not saying that Microsoft's totally without guilt here but just how far do people think they need to go with regards to securing passworded files? 48-bit encryption? 128-bit? 160-bit with triple DES? At what stage does the encryption become overkill?
So long as we ride the Moore Curve, overkill degrades to underkill at a rate of about one bit per 18 months. So if you want your document to be secure in perpetuity, you'd better use a lot of bits.
Sheesh, evil *and* a jerk. -- Jade
The locks on these files are very similar to locks found on standard filing cabinets. They are there to prevent tampering, keeping people out of places they really shouldnt be- sensitive, but not absolutely secret stuff. Secure they are not. I have used these things before, and I can tell you, its pretty clear they are not using any heavy duty security. I do not see how anyone intelligent could really see them as otherwise. You dont have to read a EULA to realize there is no watermarking, no digitial signature, no complex scheme of any sort behind it. I put last year's tax records in a filing cabinet, but I wouldnt keep the deed to my house or my the account number to my secret account in the cayman's in there, I would buy a safe. Same concept here.
I would like to see this hack become a feature in OpenOffice.
First of all, if you read the article, you will understand that Microsoft has not been advertising these "Word document passwords" as true security mechanisms. Microsoft has been pushing its new DRM Features in Office 2003 as the Microsoft-approved method to secure Office documents.
In fact, I doubt Microsoft really put much effort into making these document-modification passwords all that secure. They have been around for quite some time, and I doubt they have changed much or improved much over the years. I don't know anyone who was relying on these document passwords for their security, and Microsoft did not advertise this as a great feature of Word. In fact, the bug itself is limited in scope to protecting Word FORMS from being modified.
In any case, the new DRM features in Office 2003 are much more sophisticated and will no doubt be much more difficult to crack. THESE are the security features that Microsoft is pushing today, and if you really want to lambast Microsoft Security, then you must point out a way to subvert these newer technologies that Microsoft is actually pushing.
It would be very big news indeed if someone could succeed in copying an Outlook 2003 email marked with a "Do Not Forward" permissions flag. Indeed, if someone could even READ such an email on an unauthorized email client, Microsoft's newest security policies would be questionable. Until then, I'm not convinced this is anything more than FUD trying to convince people that Office is inherently insecure.
Reminds me of an electrician I knew that always worked on wires live. That way, he claimed, he was certain to be careful.
He was pretty old, too, so I guess it worked...
--RJ
its a dumb password scheme because it was meant to be a dumb password scheme. Its a simple one way hash. It is a document, a self contained, meant to be passed around entity. Even if they used some complex password scheme, it would still not be difficult to brute force it, and thus make it inherently insecure. So I bet they had a design meeting at some point and said, "hey, the customers want a feature to prevent snooping/tampering of docs, lets put a simple lock feature on them" knowing full well that it was not secure. Considering that a document is a passed around, meant to be distributed, entity without centralized tracking or control, it would be very difficult to put real security on them, and nowhere have I seen MS office targeted as the "secure way" to store data. A company using this for invoices and such is just plain crazy. Its like complaining about the insecurity of a soft top convertible. Or that the jack that came with your car wouldnt hold the weight of your friend's truck (I mean its a jack isnt it?, there is nothing on there that says it wont jack up a truck) You cant ever trust the client, ever. Thats a cardinal tenet of security. Thats why we have barcodes, and no longer just put little pricetag stickers on products and ring up whatever is on them. You also wouldnt trust the little tiny lock on a diary to hold the wild stories of your other life as a transexual gay man, at least not without hiding the thing damn well when your family is over to visit. Im getting offtopic here, but the point is, MS Word in no way shape or form tries to be a secure document system, and trusting your business or very secret information to it is just silly.
sir, please read the fine post.
This came up at work. What happens if: You send out a contract as a Word doc email attachment. Customer changes the language of the contract, signs it, prints it, then mails it back. We could easily sign that without noticing the difference.
We decided to send out digitally signed PDFs instead.
I'm sure that some people here are laughing at Microsoft for its "lax security." Of course if you really wanted to protect a Word document you could use Office 2003's built-in encryption features, which rely on Windows Rights Management. Yet the people who criticize Microsoft for Word's "security hole" are also the most vocal opponents to anything having to do with trusted computing, including Windows Rights Management. You can't have it both ways, you know. You can either accept that Microsoft's WRM already has a solution to this issue, or you decide that the additional security that WRM provides isn't worth the imagined "privacy and freedom" implications. But don't say that MS should make their file formats more secure while at the same time dismissing WRM.