OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: Microsoft Word documents that "phone" home
From: Microsoft Security Response Center (secureMICROSOFT.COM)
Date: Wed Aug 30 2000 - 22:14:37 CDT

Microsoft has posted a response to this advisory,
entitled "Cookies and Word Documents", available at
http://www.microsoft.com/technet/security/cookie.asp

It is also accessible under "Headlines" at
www.microsoft.com/security

Regards,
SecureMicrosoft.com

-----Original Message-----
From: Richard M. Smith [mailto:rmsPRIVACYFOUNDATION.ORG]
Sent: Wednesday, August 30, 2000 7:53 AM
To: BUGTRAQSECURITYFOCUS.COM
Subject: Microsoft Word documents that "phone" home

Hi,

The Privacy Foundation has just released an advisory
on an issue that we discovered earlier this month
in Microsoft Word. We found that it is possible to
embedded "Web bugs" in Word documents. The Web bugs
allow the author of a document to track via the Internet
where a document is being read. The trick could be used
to monitor leaks of confidential documents from a
organization to outsiders as well as detecting
copyright violations. In addition, it is also
possible to place Web bugs in individual paragraphs
and detect when the text is copied from one Word
document to another.

The complete advisory is available at the Foundation's
Web site:

   http://www.privacyfoundation.org/advisories/advWordBugs.html

A demonstration "bugged" document for Word 97 and Word 2000
has been set up at:

   http://www.privacycenter.du.edu/demos/bugged.doc

We also found that Excel 2000 spreadsheet files and
PowerPoint 2000 slideshows can be "bugged" in the same
manner.

Richard

================================================
Richard M. Smith
Chief Technology Officer
Privacy Foundation

Email: rmsprivacyfoundation.org
http://www.privacyfoundation.org
================================================

  • application/x-pkcs7-signature attachment: smime.p7s