Date:         Fri, 19 Jun 1998 13:48:48 -0500
From:         Mike <mike@WOWDX.NET>
Subject:      Word 98 Insecurity

When fooling around with Word 98 on the Macintosh, I found the following
SEVERE insecurity.

1.  Open a few documents, work on your Macintosh for a while.
2.  Open Word 98 and compose a message, then save it to your drive.
3.  Attach the document to an email, and send it.
4.  Open the resulting document from the email when you receive it in BBEdit.

The file can be read plain text with all sorts of juicy information like
passwords, URLs, document locations, etc, all from the originating
computer.  We have been able to successfully glean passwords and logins
from the file, IN PLAIN TEXT.  It contains information that is MONTHS old
from the originating computer.

This was tested only on the Macintosh version of Word 98, and the emails
were sent via Eudora.

NOTE:  This is not specifically an email problem.  If you open the saved
document on your hard drive - you get the same results!

Could someone please confirm this problem occurs on a PC as well?

Microsoft has not yet been notified (hopefully they are on the list :)

It seems (not that I know too much about this sort of thing) that when the
Word document is saved, for some reason it is grabbing buffer information
from the computer to fill up space in the file.  I guess you can figure out
what kind of insecurity this could be!!!!

Cheers

Mike

 --------------------------------------------------
| Mike Morton       DXStorm Geek Team Leader       |
|                                                  |
| mike@dxstorm.com  | DXShop ...Open For Business! |
 --------------------------------------------------
|   Quality Developers of Above Quality Solutions  |
|           http://www.dxshop.com                  |
 --------------------------------------------------

-----------------------------------------------------------------------------

Date:         Mon, 22 Jun 1998 07:52:11 -0500
From:         Mike <mike@WOWDX.NET>
Subject:      Microsoft Insecurity...

Well!  After an overwhelming response from everyone, just a summary of the
conclusions:

1.  This is a Microsoft Application problem, from Word, Excel, etc from way
back as far as Word 2.0

2.  This has been reported before to Microsoft, without any kind of
response or patch, etc

3.  The problem is that the Microsoft Applications take RAM or Buffer
blocks to fill out application files - reading plaintext, etc,
indiscriminately.

4.  Suggestions to turn off the 'Fast Save' option help, but do not by any
means eliminate the problem.

5.  There is no other Fix - other than not attaching an application
document to send to anyone who could possibly use it maliciously.

6.  I think I have heard the opinions from everyone EXCEPT any sort of
Microsoft rep, surprised?

7.  It would be a simple fix of encrypting the 'fill' information with a
simple MD5 encryption or something similar, just to eliminate any plaintext.

Thanks to everyone for their suggestions and information....

Cheers

Mike


-----------------------------------------------------------------------------

Date:         Mon, 22 Jun 1998 10:00:45 -0700
From:         Courteney van den Berg <cjv@RBMI.ORG>
Subject:      Re: Microsoft Insecurity...

This is an OLE structured storage problem, not a Microsoft application
problem (although very few non-Microsoft apps use OLE structured storage).
It was fixed on Windows 95 a long time ago by an OLE patch (see MS KB article
Q139432).  Microsoft need a kick in the pants for leaving such an old bug in
their latest release of Mac OLE though.  I guess the Mac OLE source is
probably based on an ancient version of the PC OLE code.

CJ van den Berg
Computer Information Systems Department
CfaN
cjv@cfan.org
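
-----------------------------------------------------------------------------

Added example (not part of the original thread and not any poster's code): following the last reply's point that the stray data lives in OLE structured storage, this Python check lists sectors that a compound file's allocation table marks free but that still hold non-zero bytes, so a document can be audited before it is sent. It assumes the leftover data sits in free sectors and that the file has at most 109 FAT sectors; build_sample() produces a constructed test image, not a real Word file.

```python
import re
import struct

CFB_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # OLE compound file signature
FATSECT, ENDOFCHAIN, FREESECT = 0xFFFFFFFD, 0xFFFFFFFE, 0xFFFFFFFF

def read_fat(data):
    """Return (sector_size, FAT entries) of an OLE compound file image."""
    if data[:8] != CFB_MAGIC:
        raise ValueError("not an OLE compound file")
    size = 1 << struct.unpack_from("<H", data, 30)[0]  # sector shift
    n_fat = struct.unpack_from("<I", data, 44)[0]      # number of FAT sectors
    if n_fat > 109:
        raise ValueError("DIFAT chain not handled (assumed small file)")
    fat = []
    for sid in struct.unpack_from("<%dI" % n_fat, data, 76):  # header DIFAT
        fat.extend(struct.unpack_from("<%dI" % (size // 4), data, (sid + 1) * size))
    return size, fat

def leaked_free_sectors(data, min_len=6):
    """Map each free-but-non-zero sector number to the printable strings in it."""
    size, fat = read_fat(data)
    hits = {}
    for sid, entry in enumerate(fat):
        chunk = data[(sid + 1) * size:(sid + 2) * size]
        if entry == FREESECT and chunk.strip(b"\x00"):
            found = re.findall(rb"[\x20-\x7e]{%d,}" % min_len, chunk)
            hits[sid] = [s.decode("ascii") for s in found]
    return hits

def build_sample():
    """Constructed image: FAT, directory, one dirty and one clean free sector."""
    hdr = bytearray(512)
    hdr[:8] = CFB_MAGIC
    struct.pack_into("<HHHH", hdr, 24, 0x3E, 3, 0xFFFE, 9)  # versions, BOM, shift
    struct.pack_into("<I", hdr, 44, 1)                     # one FAT sector
    struct.pack_into("<I", hdr, 48, 1)                     # directory at sector 1
    struct.pack_into("<109I", hdr, 76, 0, *[FREESECT] * 108)
    fat = struct.pack("<128I", FATSECT, ENDOFCHAIN, *[FREESECT] * 126)
    residue = b"\x00\x07user=alice pass=constructed-example\x00".ljust(512, b"\x00")
    return bytes(hdr) + fat + bytes(512) + residue + bytes(512)

if __name__ == "__main__":
    for sid, strings in leaked_free_sectors(build_sample()).items():
        print("free sector %d holds data: %r" % (sid, strings))
```

An empty result only covers free sectors; unused space inside allocated streams is not examined by this check.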