[mso] Re: Microsoft Word flaw may allow file theft

• From: "Dian Chapman" <dian@xxxxxxxxxxxxx>
• To: <mso@xxxxxxxxxxxxx>
• Date: Fri, 13 Sep 2002 16:19:53 -0500

I just see it as having a party at your house. You invite friends over
and you have to trust that while you're not watching...no friend will
swipe anything from your house.

Whereas, if you invited a stranger over to your house, you would want to
take more precautions when this person is left alone...because the trust
issue is less.

So if someone you know send you a file and asks you to edit it and send
it back...it's a matter of trust that you assume they'll not be trying
to swipe files.

If it's a stranger...use a different level of precaution.

And when in doubt...just scan the file and SEE if they hid an
INCLUDETEXT field code that is requesting a personal file on your
system.

As I said...just as you would check a macro from a stranger.

The alternative is to not allow any macros...which would be a nightmare!
The alternative to this is to either not allow include files or have a
ton of warnings that you have to deal with when you return a legit file.


As usual, this means that because of a very remote possibility of a
problem...legit users will have many hassles to get around this issue.

It's kinda like...be careful what you wish for. If you want a totally
secure environment...you can forget about enjoying it!


Dian Chapman
Technical Consultant, Instructor,
Microsoft MVP & TechTrax Editor

Word AutoForm/VBA eBook: http://www.mousetrax.com/books.html
Tutorial web site: http://www.mousetrax.com/techpage.html
TechTrax Ezine: http://www.mousetrax.com/techtrax/

-----Original Message-----
From: mso-bounce@xxxxxxxxxxxxx [mailto:mso-bounce@xxxxxxxxxxxxx] On
Behalf Of Renaud, Parker
Sent: Friday, September 13, 2002 2:58 PM
To: 'mso@xxxxxxxxxxxxx'
Subject: [mso] Re: Microsoft Word flaw may allow file theft



Dian-

I think a lot of this hubbub is due to the media's animosity towards
Microsoft. Many members of the media go out of their way to trash
Microsoft any chance they get. Those same members of the media seem to
have little or no understanding of the technical aspects of their
stories.

I agree with you on this one. The circumstances that would lead to
losing files from your PC are very unlikely to happen AND your active
participation is required.

Parker Renaud
IT Manager
Colliers Keenan Inc.
803-401-4264
prenaud@xxxxxxxxxxxxxxxxxx 


-----Original Message-----
From: Dian Chapman [mailto:dian@xxxxxxxxxxxxx]
Sent: Friday, September 13, 2002 3:35 PM
To: mso@xxxxxxxxxxxxx
Subject: [mso] Re: Microsoft Word flaw may allow file theft



Actually, it's a matter of trust. I could easily send you a document and
trash your computer and you'd never know the difference. Later you'd
suddenly realize you were missing tons of important files and you would
never know it was me that trashed your system. 

But if they disabled every "feature" in Word that allowed collaboration,
why even bother using computers!

This is not so much as a security hole, as everyone is SUDDENLY talking
about...even though it's been there for YEARS...as it is a matter of
trusting the folks with whom you do business. If someone sends you a
file to edit and you don't trust them...scan it. Just as you might look
at VBA code before you run it...or disable a macro from someone you
don't know. 

I hope MS DOESN'T worry about this one...cos' I'd hate to see some dev
trash an important field feature on the odd chance that someone might be
able to swipe a file from your system.

Sorry, but I find it funny that folks would worry about this far out
scenario happening, yet they have no problem running email scripts to
see pretty pictures in their email...from who knows who...which has such
a larger potential for trashing your system.

Dian Chapman
Technical Consultant, Instructor,
Microsoft MVP & TechTrax Editor

Word AutoForm/VBA eBook: http://www.mousetrax.com/books.html
Tutorial web site: http://www.mousetrax.com/techpage.html
TechTrax Ezine: http://www.mousetrax.com/techtrax/

-----Original Message-----
From: mso-bounce@xxxxxxxxxxxxx [mailto:mso-bounce@xxxxxxxxxxxxx] On
Behalf Of Linda F. Johnson
Sent: Friday, September 13, 2002 2:26 PM
To: mso@xxxxxxxxxxxxx
Subject: [mso] Re: Microsoft Word flaw may allow file theft



Yes Charles...it refers to Word 97 which is part of Office 97...and it
does indeed stink...and Microsoft seems to be ignoring the Word 97
users....their suggested solution is to view field codes in all
documents...what a joke, eh?

Geeesh.

Linda
Publisher ~ ABC ~ All 'Bout Computers
Owner ~ Linda's Computer Stop http://personal-computer-tutor.com
FREE MS Office eBook Tutorial
http://personal-computer-tutor.com/library.htm
 


-----Original Message-----
From: mso-bounce@xxxxxxxxxxxxx [mailto:mso-bounce@xxxxxxxxxxxxx] On
Behalf Of Charles R. Buchanan
Sent: Friday, September 13, 2002 3:13 PM
To: MS Office Mailing List
Subject: [mso] Microsoft Word flaw may allow file theft



I'm not certain this pertains to MS Word within MS Office, if not then
forgive the off topic post!



*************************************************************
You are receiving this mail because you subscribed to mso@xxxxxxxxxxxxx
or MicrosoftOffice@xxxxxxxxxxxxxxxx

To send mail to the group, simply address it to mso@xxxxxxxxxxxxx

To Unsubscribe from this group, send an email to 
mso-request@xxxxxxxxxxxxx?Subject=unsubscribe

Or, visit the group's homepage and use the dropdown menu.  This will
also allow you to change your email settings to digest or vacation (no
mail). //www.freelists.org/webpage/mso

To be able to use the files section for sharing files with the group,
send a request to mso-moderators@xxxxxxxxxxxxx and you will be sent an
invitation with instructions.  Once you are a member of the files group,
you can go here to upload/download files:
http://www.smartgroups.com/vault/msofiles
*************************************************************

*************************************************************
You are receiving this mail because you subscribed to mso@xxxxxxxxxxxxx
or MicrosoftOffice@xxxxxxxxxxxxxxxx

To send mail to the group, simply address it to mso@xxxxxxxxxxxxx

To Unsubscribe from this group, send an email to 
mso-request@xxxxxxxxxxxxx?Subject=unsubscribe

Or, visit the group's homepage and use the dropdown menu.  This will
also allow you to change your email settings to digest or vacation (no
mail). //www.freelists.org/webpage/mso

To be able to use the files section for sharing files with the group,
send a request to mso-moderators@xxxxxxxxxxxxx and you will be sent an
invitation with instructions.  Once you are a member of the files group,
you can go here to upload/download files:
http://www.smartgroups.com/vault/msofiles
*************************************************************
*************************************************************
You are receiving this mail because you subscribed to mso@xxxxxxxxxxxxx
or MicrosoftOffice@xxxxxxxxxxxxxxxx

To send mail to the group, simply address it to mso@xxxxxxxxxxxxx

To Unsubscribe from this group, send an email to 
mso-request@xxxxxxxxxxxxx?Subject=unsubscribe

Or, visit the group's homepage and use the dropdown menu.  This will
also allow you to change your email settings to digest or vacation (no
mail). //www.freelists.org/webpage/mso

To be able to use the files section for sharing files with the group,
send a request to mso-moderators@xxxxxxxxxxxxx and you will be sent an
invitation with instructions.  Once you are a member of the files group,
you can go here to upload/download files:
http://www.smartgroups.com/vault/msofiles
*************************************************************

*************************************************************
You are receiving this mail because you subscribed to mso@xxxxxxxxxxxxx or 
MicrosoftOffice@xxxxxxxxxxxxxxxx

To send mail to the group, simply address it to mso@xxxxxxxxxxxxx

To Unsubscribe from this group, send an email to 
mso-request@xxxxxxxxxxxxx?Subject=unsubscribe

Or, visit the group's homepage and use the dropdown menu.  This will also allow 
you to change your email settings to digest or vacation (no mail).
//www.freelists.org/webpage/mso

To be able to use the files section for sharing files with the group, send a 
request to mso-moderators@xxxxxxxxxxxxx and you will be sent an invitation with 
instructions.  Once you are a member of the files group, you can go here to 
upload/download files:
http://www.smartgroups.com/vault/msofiles
*************************************************************

• References:
  • [mso] Re: Microsoft Word flaw may allow file theft
    • From: Renaud, Parker

Other related posts:

• » [mso] Microsoft Word flaw may allow file theft
• » [mso] Re: Microsoft Word flaw may allow file theft
• » [mso] Re: Microsoft Word flaw may allow file theft
• » [mso] Re: Microsoft Word flaw may allow file theft
• » [mso] Re: Microsoft Word flaw may allow file theft
• » [mso] Re: Microsoft Word flaw may allow file theft
• » [mso] Re: Microsoft Word flaw may allow file theft
• » [mso] Re: Microsoft Word flaw may allow file theft
• » [mso] Re: Microsoft Word flaw may allow file theft
• » [mso] Re: Microsoft Word flaw may allow file theft
• » [mso] Re: Microsoft Word flaw may allow file theft
• » [mso] Re: Microsoft Word flaw may allow file theft
• » [mso] Re: Microsoft Word flaw may allow file theft
• » [mso] Re: Microsoft Word flaw may allow file theft
• » [mso] Re: Microsoft Word flaw may allow file theft
• » [mso] Re: Microsoft Word flaw may allow file theft
• » [mso] Re: Microsoft Word flaw may allow file theft
• » [mso] Re: Microsoft Word flaw may allow file theft
• » [mso] Re: Microsoft Word flaw may allow file theft
• » [mso] Re: Microsoft Word flaw may allow file theft

1. Home
2. mso
3. Archive
4. 09-2002

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---