[mso] Re: Microsoft Word flaw may allow file theft

  • From: "Greg Chapman" <greg@xxxxxxxxxxxxx>
  • To: <mso@xxxxxxxxxxxxx>
  • Date: Sat, 14 Sep 2002 08:22:57 -0500

Well, I must not have been entirely clear. The IncludeText field is minor, I
agree. What isn't minor is that my digital signature can be forged. If I
purchase one to sign code with, I'm out a few thousand dollars to keep it
and use it and I'll pay that cost every year. When you open one of my
templates that's signed, you see a macro warning that tells you I invested
in a verified security scheme, that a third party verified who I am and the
fact that I did it is proof that I am using professional methods to deliver
professional product.

My warning was given in a small meeting and I was amazed to see that one
engineer looked confused when I asserted that the Office product design puts
the digital signing scheme at risk. It's not just Office devs who sign their
code. Practically all client side web components are signed, etc., and you
wouldn't dare enable one in your browser were it not signed.

Allowing a forgery, traceable or not, is simply not acceptable because it
opens an exposure much larger than Word or Office.

Even if MS does not fix the IncludeText field part of this issue it's still
not the major part of the problem and the news goons missed the point.
What's at risk here is the only source of trust that developers can use with
their customers to verify the source and accountability of code.

Greg
----- Original Message -----
From: "Dian Chapman" <dian@xxxxxxxxxxxxx>
To: <mso@xxxxxxxxxxxxx>
Sent: Saturday, September 14, 2002 12:53 AM
Subject: [mso] Re: Microsoft Word flaw may allow file theft


>
> Sorry Greg...I know this is all a sore spot, but regarding this
> particular issue...it's been a known fact for years and I personally
> consider it more of an issue such as Master Docs. It SHOULD work as
> expected, but doesn't...never has. So it's not like some big mystery
> that Woody has just uncovered...since he and many of us have known about
> it before...this "bug" with IncludeText has been a sidelines issue for
> years!
>
>
> Dian Chapman
> Technical Consultant, Instructor,
> Microsoft MVP & TechTrax Editor
>
> Word AutoForm/VBA eBook: http://www.mousetrax.com/books.html
> Tutorial web site: http://www.mousetrax.com/techpage.html
> TechTrax Ezine: http://www.mousetrax.com/techtrax/
>
