Al Macintyre's Radio Weblog : Al's random interests while learning what can be done with Weblogging, and perhaps what ought to be done.
Updated: 11/01/2002; 11:27:21 AM.

 


 
 

Wednesday, October 09, 2002

W-O-O-D-Y-S--O-F-F-I-C-E--W-A-T-C-H Volume 7 Issue 47 is really annoyed with Microsoft. 

W-O-O-D-Y-S--O-F-F-I-C-E--W-A-T-C-H describes QUOTE security holes in Word so big they defy description. UNQUOTE Subscribe to W-O-O-D-Y-S--O-F-F-I-C-E--W-A-T-C-H for the lowdown on understanding that Microsoft Security is an Oxymoron. There is a wealth of information in this regular e-newsletter.

Scenario:

  • Bob has access to a file.
  • Alice wants it.
  • Alice sends Bob a document, innocently asking Bob to edit it and return it to her.
  • When it comes back, it contains the file that Alice wanted, and Bob is none the wiser.  Bob cannot block this with anti-virus or any of the usual PC security because this is the way Microsoft Word is supposed to work.
  • Or Word can "phone home" to Alice's web site, delivering what she wants. Bob does not need to send the document back to Alice, and she can still get a copy of the file she wants.
    • Woody showed Microsoft step by step exactly how that could be done on Sep 17, and the latest Microsoft press release is still pretending that this capability is not in their software.
    • On Oct 5 Woody sent Microsoft a demonstration Word document that, when opened, sends Woody the first 230 characters of any file on your PC that he cares to name, to anywhere he cares to send it.
  • Contrary to Microsoft's public statement, Alice does not need to know the absolute path to Bob's file. The person doing the pilfering can use just the name of the file without knowing what directory it is in.
  • You can go after just about any file, such as the passwords file, so long as you know how Windows organizes these things.
  • The ability to do this stuff is what Microsoft calls a feature, so obviously, to Microsoft, this is not something they have any commitment to fixing.

W-O-O-D-Y-S--O-F-F-I-C-E--W-A-T-C-H QUOTE

LIES, DAMN LIES, AND MICROSOFT

  Man, am I ticked off.

  On October 8 - yesterday - I received a copy of Microsoft's
  Inside Office Newsletter. Under the headline "Answers to
  Concerns About Security in Word" there's a link to
  , where you'll find the same press release Microsoft posted
  a month ago about the "confusion and speculation"
  surrounding the huge security holes in all versions of
  Word. This is the first time Microsoft has notified its
  customers about Alex's Document Collaboration Spy problem,
  as far as I can tell, and instead of telling something
  resembling the truth, all we get is more obfuscation.
  Recycled obfuscation at that.

 
  Only Microsoft would have the unmitigated gall to lie so
  blatantly, at this late date, and expect their customers to
  swallow it.  I use the term lie quite deliberately,
  Microsoft is still making statements that it knew then and
  knows now are totally false.
 
  YODA tore the press release apart in Woody's Windows Watch
  a couple of weeks ago
   But YODA only knew part of the story: he didn't know
  about the security holes I've been feeding to Microsoft,
  and he hasn't seen the gaping exposures other folks have
  encountered. The truth is far more devastating than
  anything YODA could imagine.
 
  In this issue of Woody's Office Watch, I'm going to show
  you specifically how Microsoft is lying to you.
 
UNQUOTE
 
and Woody does so, with ample examples.
 
BACKGROUND
 
On August 26th Alex Gantman released to a small community of fellow anti-virus analysts details of a new type of security breach in Word, which has many variations and consequences.  He didn’t misuse his discovery but told other computer security specialists through an avenue that Microsoft closely watches.  Therefore Alex did notify Microsoft, at the same time as others.  Microsoft objects to anyone else being told about security problems with Microsoft products, preferring to be the sole clearing house for information and arbiter of what their customers should know.  It was only after Woody published some details in Woody’s OFFICE Watch on September 6th that the mainstream press got a hold of the story. 
 
If you like the no-nonsense straight scoop of W-O-O-D-Y-S--O-F-F-I-C-E--W-A-T-C-H, assuming I have done an adequate job of translating / reviewing the latest news on this Microsoft Security is an Oxymoron front, here are some books to look out for from Woody (Al's advertisement for Woody here in appreciation for the great education Al gets from Woody).

  "Windows XP All-In-One Desk Reference For Dummies", Hungry Minds       http://www.woodyswatch.com/l.asp?0764515489

  "Special Edition Using Microsoft Office XP" with Ed Bott, Que

  "Special Edition Using Microsoft Office 2000" with Ed Bott, Que       http://www.woodyswatch.com/l.asp?0789718421

  "Woody Leonhard Teaches Office 2000", Que

4:13:49 PM    

Haven't we often had a dream that we could take over Microsoft and fix many things there?  Well here is a chance for someone to become the new Bill Gates and re-design M$ policies.

  1. Accept this new latest deal.
  2. Insist on a contract in which they guarantee their promises.
  3. We know from past experience that they are incapable of providing security that works.
  4. When Microsoft history repeats, as we are sure that it will, a class action lawsuit by all the victims ends up with new ownership of the company - take them to the cleaners.

[Eclecticity: Dan Shafer's Web Log] QUOTE

Microsoft security for pay.

This is perhaps Microsoft's most outrageous conduct

Anyone who knows me at all knows that I'm no fan of Microsoft. Their recent admission that Word:X isn't compatible with Jaguar and won't be for some unspecified future time has me seeing red. But that's a minor pimple on the ass of computing compared to this admission.

Microsoft: Does it pay to be safe?. An executive says the software maker is considering charging for extra security options and admits that the company didn't move on security until customers were ready to pay for it. [CNET News.com]

This is the functional equivalent of telling a car buyer, "Oh, if you want a car that you can lock so nobody can steal it, that's going to cost you extra." I can't believe that even MS has this much audacity. And it's just further evidence that Microsoft needs to be dealt with much more harshly than it has been by the government and by the marketplace. Every IT manager in the United States who has locked his company into MS should be up in arms. Maybe we need a new policy in corporate America: IT managers who can't find a way to get their companies out of the MS fatal embrace should be fired and replaced with those who can think past the end of their Redmonds.  UNQUOTE [Eclecticity: Dan Shafer's Web Log]

2:29:08 PM    

Thanks [Radio Free Blogistan] for a Great Link, and thanks Seb for a great article, with an immense volume of heavy duty links for us to explore.  It would be great if I could have a printer-friendly version of this (some stuff tends to scroll off right side of my screen and paper).  QUOTE

Personal knowledge publishing and its uses in research. Sébastien Paquet has written an article about the rise of personal knowledge publishing.  UNQUOTE [Radio Free Blogistan]

I added links to this in my Radio Start, which is an outline of what I think a beginner needs to know to avoid significant misconceptions when starting Weblogging with Radio.

P.S. What is the legal significance (if any) of Copy Left (very bottom of Seb's page)?


2:17:04 PM    

[At New York.com] Overview of what's at stake in the Eldred v. Ashcroft Copyright Case.
1:26:53 PM    

[Eclecticity: Dan Shafer's Web Log] QUOTE

The Problems With Word on OS X Are Worse Than I Imagined

Word has become, for me at least, almost unusable since my upgrade to Jaguar. Here's what Microsoft's MVP support team has to say on the subject:
Unfortunately, Word is not going to work properly under Jaguar unless Microsoft releases a patch for Microsoft Office. The problems have now been analyzed, and the experts have found that Word v.X is not fully compatible with Jaguar, and there is nothing you can do to make it so.

What incredible garbage. Now what am I supposed to do? I have a publisher waiting for a book. They use Word. Their feedback to me is in Word comments, which are frigging broken in Word on Jaguar. Arrogance screws the little guy once again.

UNQUOTE [Eclecticity: Dan Shafer's Web Log]

Well here is a candidate for a souped up Lindows, since Word works on that Linux package.  Do your word processing on Star Office for Linux and output the document as RTF standard which Word will accept.  Just use Lindows to make the file acceptable to your publishers, and to get at their comments, while you do your real work on the computer of your choice.


12:15:09 AM    


© Copyright 2002 Al Macintyre.


