Microsoft Office for Windows Has Security Flaws in Word, Excel - 1,306 Views, 1 Comment
|
Previous Article « OptOutByDomain.com Launches
Read Next Article » Fighting Back Against Blog Spam
Hongjun Wu, who has written a paper on the subject, says that “A lot of information could be retrieved from those encrypted files. If anyone has used the encryption in Microsoft Office…then it is time for him/her to assess the damage that has been caused.” Wow, that’s pretty straight-forward. Said a Microsoft spokesperson, speaking to CNet news, “Our early investigation indicates that this issue poses a very low threat for customers. In some cases, an attacker may be able to read the contents of an encrypted file, if multiple versions of that file are available to the attacker. The attacker would need to have access to two distinct files with the same name that are protected by the same password in order to attempt to exploit the vulnerability.” Once the investigation is completed, said Microsoft, ” Microsoft will take the appropriate actions to protect customers, which may include providing a security update through our monthly release process.”
Follow Anne on Twitter
Friend Anne on Facebook
A cryptographer at the Singapore-based Institute of Infocomm Research has determined that there are serious security flaws in Microsoft Word and Excel in terms of their encryption for password protection of documents.
Microsoft Office for Windows Has Security Flaws in Word, Excel
Twitter Explained in Plain English
Previous Article « OptOutByDomain.com Launches
Read Next Article » Fighting Back Against Blog Spam
Read more:
» Security Hole in Microsoft Excel
» Microsoft Windows Unsafe at Any Speed - Sees Two New Security Flaws Every Week!
» Microsoft Windows Security Updates for October - 3 Critical!
» No Wait, These Ã…re the Last Two Windows Holes of the Year
For additional similar stories check out our archives on Security, Windows
NOTE: We never, ever, ever will recommend any product or service on this site that we have not regularly used ourselves and do not wholeheartedly believe in. That said, in some cases after being very pleased with a product or service, we may enter into a relationship with the provider of that product or service such that if someone purchases that product or service based on our recommendation, we may get a small payment. Such payments go towards the upkeep of the Internet Patrol.
Let me get this straight. If you save private information with a key, and use the same key on another document. Then another person could get your private information easily, and that just “poses a very low threat for customers.”
Unless you have photograpich memory, chances are you have use the same password for more than one document. Chances also are that those documents are in the same computer. Thus the person that have access to one, will have access to the other. Its also reasonable to asume that if you took the trouble to password protect a file that that data is confidential. In other words, if a person have access to your files, he will also have access to your confidential information. And that is what Microsoft deems a “very low threat”. Maybe for them, but certainly not for the customer.
Comment by Ricardo Xantos — 1/21/2005 @ 9:02 am