Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1997_4

Bugtraq archives for 4th quarter (Oct-Dec) 1997: Re: Microsoft Office security bug

Re: Microsoft Office security bug

Aleph One (aleph1DFW.NET)
Tue, 11 Nov 1997 21:44:57 -0600

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Darren Reed: "What were the opcodes to hang a Pentium again? (fwd)"
Previous message: Travis Hassloch: "Re: Intel Pentium Bug"
In reply to: Inigo Gonzalez: "Re: Microsoft Office security bug"

On Tue, 11 Nov 1997, Inigo Gonzalez wrote:

>   I am no expert on Win32 / OLE-COM-ACtiveX; but it seems that
> this isn't Office Fault; but OLE one's.
>
>   AFAIK, every OLE container is responsible of its own data;
> in this case, you tell Word to cipher his own data, and
> Excel/Visio/etc... data is not Word bussiness so it's not
> ciphered.
>
>   Remember: When you talk to OLE objects, you delegate them
> a part of your file + archiving capabilities.

Your are correct. But it matters little. The users expectation is that all
of the document will be encrypted, including any embeded objects.
Obviously this is not the case. How would you feel if you found out that
that your Netscape or IE browser only encrypted the body of email messages
using S/MIME but not any attachments?

Aleph One / aleph1dfw.net
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61  8C 39 EA 47 A8 6A B8 01

Next message: Darren Reed: "What were the opcodes to hang a Pentium again? (fwd)"
Previous message: Travis Hassloch: "Re: Intel Pentium Bug"
In reply to: Inigo Gonzalez: "Re: Microsoft Office security bug"