[Am-info] Fwd: WOW #7.43 - That ain't a Word label Bug, It's a Feature
Gene Gaines
gene.gaines@gainesgroup.com
Thu, 12 Sep 2002 12:55:01 -0400
Take a look at Item 1 in Woody's Office Watch newsletter, below.
Goes into more detail about the exploit than I have seen before.
Gene Gaines
This is a forwarded message
From: Woody's Office Watch <wow-robot@woodyswatch.com>
To: xxxxxx
Date: Thursday, September 12, 2002, 12:23:17 PM
Subject: WOW #7.43 - That ain't a Word label Bug, It's a Feature
=================Original message text===============
--==>> WOW -- WOODY's OFFICE WATCH <<==--
Weekly advice and commiseration from
Woody Leonhard, Certified Office Victim
12 September 2002 Vol 7 No 43
>>>>>>>>>>>>>>>> LOST YOUR PASSWORD? <<<<<<<<<<<<<<<<
Password recovery tools for Excel, Word, Outlook, Access,
Windows NT, Exchange, Lotus, Schedule, Mail, Backup and more!
Easy to use, powerful and *affordable*.
>> Get your FREE demo NOW from http://www.LostPassword.com <<
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The latest issue of Woody's Office for Mere Mortals starts
filling in the background you need to protect yourself
against the "Document Collaboration Spyware" exploit I
talked about last week. I've decided to start with the
minimum amount of information you need to identify the
"spy" field code. If Microsoft decides to patch Word 97
(see the first article below), I'll stop at that point. On
the other hand, if MS doesn't patch Word 97, I'll give you
all the details you'll need to convince yourself (and your
boss!) that Word 97 contains a huge security exposure that
renders it unusable in all but the most restricted
circumstances. To subscribe to WOW-MM with the same address
that received this issue of WOW, click here:
http://woodyswatch.com/wowmm/subscribe.asp?e=genegaines@earthlink.net
(or mailto:wowmm@woodyswatch.com).
1. Microsoft's Conundrum with Word 97 Spyware
2. Top Tip: That Ain't a Label Bug, It's a Feature
3. Your Spyware Questions Answered
4. More Security Headaches - GreyMagic Strikes Again
5. An Even Better Way to Send Mail to a Category
6. Scheduling Outlook Tasks
7. Keep WOW Alive and Free
>> Recover your IMPORTANT Office files at www.OfficeRecovery.com <<
Data recovery for Word, Excel, PowerPoint, Access, Exchange files.
Modules available standalone and in handy OfficeRecovery suites.
Got Office? Get OfficeRecovery! Use yourself, tell a colleague.
*** Click http://www.OfficeRecovery.com for a FREE demo ***
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1. MICROSOFT'S CONUNDRUM WITH WORD 97 SPYWARE
Last week I told you about Alex Gantman's "Document
Collaboration Spyware" exploit in Word 97. In a nutshell:
if you use Word 97 to edit a Word document sent to you by
someone else, and you return that document to them, the
document may contain a copy of any file on your computer.
The copied file isn't visible in Word - no matter what you
do in Word, you can't see the data that's been scarfed up
and inserted in the document. But the data is clearly
visible using Notepad or Wordpad.
In fact, the exploit is more dangerous than first meets the
eye because the scarfed up file can be just about any file
(document, Excel spreadsheet, whatever), and it can be
located anywhere - even on a secure server. If you have
permission to read the file, and you use Word 97 to edit a
document that's been given to you, and the person who's
trying to grab the file knows its name and where it's
located, Alex's exploit will invisibly suck the file into
the Word document as soon as you open it.
More than that, the "spy" field code can scan for hundreds
of files with impunity. If the person trying to drag
information out of you doesn't know the precise file name,
they can make a whole lotta guesses, and you'll never be
any the wiser.
I'm tellin' ya, folks, it's the worst Word security hole
I've ever seen.
If you use Word 97 (and I figure about 95% of all the large
companies on the planet still have people who use Word 97),
you should NOT open and modify a document that someone
gives to you, unless you're sure that they can't get the
document back.
Far as I'm concerned, this security hole renders Word 97
essentially useless - downright dangerous, in fact - in any
corporate environment, and close to useless anywhere else.
Microsoft Management has an interesting decision to make.
Microsoft doesn't officially support Word 97 any more.
Ergo, the obvious question: Is Microsoft going to patch the
hole, or are they going to let their Word 97 customers
twist in the wind?
Every indication I've seen points to the pound sand
alternative. And that makes me mad as hell. It should make
you mad, too.
No doubt some Microsoft higher-ups figure this is good
news: after all, anything that forces customers to upgrade
is good, yes?
But in the end, denying Word 97 users a fix eats away at
Microsoft's credibility, particularly considering the
extent of this security hole. It's the antithesis of
"trustworthy." And you have to wonder about Microsoft's
liability in a situation like this.
Your call, Steve.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Make the shift to fast full throttle vibrant COLOR with the Phaser 6200.
An affordable, high-performance office color laser printer that's
FASTER than 90% of today's office printers at 16 ppm in full-color!
Win a 50" HIGH-DEFINITION TV or a PHASER 6200 COLOR LASER PRINTER
ENTER TO WIN at http://psstt.com/1/c/23071/65146/205856/205856
<a href="http://psstt.com/1/c/23071/65146/205856/205856"> AOL users click here </a>
** Buy One Inkjet Cartridge - GET TWO FREE!! **
Buy 1 Get 2 FREE on Most Epson, Canon, and Apple
Cartridges. Wholesale Pricing on Lexmark Cartridges.
Free Shipping on orders $25 or more!! U.S. Shipping Only.
Click Here For a Complete List of Cartridges.
http://psstt.com/1/c/23071/56049/205856/205856
<a href="http://psstt.com/1/c/23071/56049/205856/205856"> AOL users click here </a>
2. TOP TIP: THAT AIN'T A LABEL BUG, IT'S A FEATURE
Phil Rabichow, who's been around the WOPR Lounge so long I
think his name is carved on one of the pillars, read about
the Word 2000/2002 label sizing bug my son hit, as
described in
http://www.woodyswatch.com/office/archtemplate.asp?v7-n38
Ya know what? It ain't a bug. It's a feature!
When we created the labels, we told Word to use A4 paper.
(For those of you who don't know, A4 is the common size of
paper used for business correspondence almost everywhere in
the world, except the USA.) There was no particular reason
for us to use A4 - the label sheets themselves are
considerably smaller than A4 or 8 1/2 X 11 - and we didn't
think anything about it.
Wrong.
Phil nailed the problem. Both our Word 2000 and Word 2002
machines have the Tools | Options | Print | Allow A4/Letter
paper resizing box checked. (If you look at your PC, I bet
you do, too - we run bone-stock standard US versions of
Office and Windows, just like you.)
Phil said: "If you have that option checked & you create
labels on A4 paper, Word "knows" that you really wanted
them smaller. I understand that if you create a document on
8 1/2 X 11 & then put it on A4 paper, it must be resized to
maintain the same relative formatting. So Word shrinks your
tables. Er, labels. I don't know if this is a bug or "by
design", Word should know that if you go to the trouble of
specifying exact label dimensions & paper size all in the
same dialog box, that you mean it."
And that was precisely the problem. Word took it upon
itself to resize the pages, clobbering our labels in the
process.
Thanks, Phil.
Those of you who struggle with printing documents on
different-sized paper (and that seems to be an increasing
percentage of you every day) should seriously consider
unchecking that "Allow A4/Letter paper reiszing" box. See
the WOPR Lounge thread starting at
http://www.wopr.com/cgi-bin/w3t/showflat.pl?Cat=&Board=wrd&Number=170659
for details.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ContEX CRM is the most powerful, flexible, customisable and simple solution
available to turn Microsoft Outlook into a fully featured low cost CRM system.
Features mailing and event management, sales pipeline and prospect tracking,
and a public journal folder.ContEX CRM is the solution that Microsoft Outlook
users everywhere have been waiting for!.
For information:- www.imprezacomp.com
Looking for time saving Excel add-ins? Visit add-ins.com!
http://www.add-ins.com/index.htm?wow2
3. YOUR SPYWARE QUESTIONS ANSWERED
Many of you wrote last week with questions and comments
about the "Document Collaboration Spyware" security hole
and the other exploit that I bumped into.
JW writes: "Is there a way to disable Word 97/00/02 so that
the problem doesn't occur?"
Nope. Far as I can tell, there isn't a thing you can do
about it, aside from deleting the offending field(s).
JW: "Is this related to the Track Changes tool in some way?"
Nope. Track Changes in Word 2002 is a thorny mess. But it's
a different thorny mess. <weak grin>
PS: "When I've received the Word document, I save it onto
my PC under a different file name (before making the
changes), would the spyware still run off and snatch any of
my files?"
Yes. Doesn't matter where you put the "spy" document - the
one you received from your snoopy friend - or what its name
might be.
XA: "Have you noticed if this security hole remains when I
change the document but save and return it as RTF not DOC
format?
When I do a File | Save As in Word 97, and save the
document in Rich Text Format, the "spy" text appears in the
RTF file. In other words, you can't save as RTF and bypass
the problem. (Very interesting question, by the way.)
IH: "Who needs to have Word 97 running - the sender, the
recipient, or both?"
For the "Document Collaboration Spyware" exploit, only the
recipient needs to be running Word 97. You can easily
create a "spy" document with any version of Word.
The exploit I bumped into, on the other hand, works across
all versions of Word.
Some of you chastised Alex for publishing details of a
security exploit before Microsoft had a chance to fix it.
Let me rush to Alex's defense.
First, people like Alex (and Georgi Guninski) have become
so fed up with Microsoft's lax response to security fixes
that they aren't willing to play the game any more. They
don't trust Microsoft to work diligently on a fix, and they
figure the only way a hole is going to get plugged quickly
is if they get all the details out, right away. After all,
it only took Microsoft four and a half months to plug the
critical holes in the Office Web Components. (Worse, MS
buried the one crucial detail about the fix - telling IE
not to trust content from Microsoft - so deep in a security
bulletin that most people never read it! Don't get me
started.)
Second, there's a lot to be said for getting all the
details about a new exploit out in the open as soon as
possible - that way, other security-minded folks (such as
yours truly) can try to shed light on the problem, and come
up with suggestions for Microsoft to consider when creating
the patch.
Third, many people figure that if they've stumbled on a big
security hole, it's only a matter of time before somebody
with a black hat stumbles onto the same security hole, and
really makes a mess of things by catching the world
unawares.
Fourth, Microsoft has shown absolutely no interest in
protecting Word 97 users. None. Why should Alex take on
Microsoft management, all by himself, keep his mouth shut,
and hope that MS will some day do the right thing?
Personally, I have varying degrees of sympathy with all of
those arguments, but after all that's happened I can't
fault someone for blowing the whistle.
Some of you wrote in to chastise me for NOT giving out the
details of the security exploit I bumped into. Sorry, but
as long as I'm convinced Microsoft is working on a fix,
I'll keep mum. I've done it before (two other Office holes,
and one in Windows), and I'm inclined to do it again.
Of course, if Microsoft refuses to patch Word 97 for either
Alex's exploit or my exploit, the gloves come off.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
OFFICE DOC MANAGER + PROFESSIONAL WEB BROWSER
Research-Desk combines Excel, Word, PowerPoint, and a
research oriented web browser into one super-MDI/tabbed application:
Create workspaces, save all open docs with one command, search
across all open documents, save web pages, and much more...
http://www.winferno.com/p/wow1
4. MORE SECURITY HEADACHES - GREYMAGIC STRIKES AGAIN
GreyMagic has found yet another Internet Explorer (5.5 or
higher) security hole, and this one can be readily
exploited in Outlook. See
http://sec.greymagic.com/adv/gm010-ie/ for details about
"Who Framed Internet Explorer".
Thor Larholm reports 20 outstanding IE security holes - and
that's AFTER Internet Explorer 6.0 Service Pack 1, which
ships with Windows XP Service Pack 1.
http://pivx.com/larholm/unpatched/
Every week I get more and more convinced that Office 11's
new ability to read and write XML files will be a
horrendous security headache. Jeeez. They can't even keep
the native binary file format secure. What's going to
happen when every Tom, Dick & EXE can go in and twiddle a
Word doc's bits?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Get a FREE New Car Quote!
Save time and money by requesting a free quote today.
InvoiceDealers will offer you the ABSOLUTE BEST PRICE on a new car,
truck, van or sport utility vehicle. Start here and save!
http://psstt.com/1/c/23071/69019/205856/205856
<a href="http://psstt.com/1/c/23071/69019/205856/205856"> AOL users click here </a>
5. AN EVEN BETTER WAY TO SEND MAIL TO A CATEGORY
In recent issues of WOW I've been talking about various
ways to send email to an entire Category of entries in your
Contacts list - the obvious way to manage mailing lists,
for example.
WOWser Andy Wright sent me a great alternative: "What I do
is switch to By Category view, then drag the grey Category
grouping bar - you know, the one that says "Categories:
MyMailingList (23 items)" - and drop it onto the Inbox or
any other mail folder. It creates a new message addressed
to everyone in that category.
I do this in preference to using the PAB PDLs because it's
dynamic - I add someone to the category, they're in the
list. Done. The email addresses are all in the To: line of
the message - if I want to miss a couple of people out of
this mailing, I can, by simply deleting their names. It
also leads to simpler list maintenance - I find it easier
to look at a Contact and think "What lists should this
person be on?" than to look at a list and think "Which
people should be in this list?" but I guess that's just the
way I think.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
6. SCHEDULING OUTLOOK TASKS
Here's a neat utility that does just what I want - and no more.
Don't know about you, but I have about a zillion tasks that
stare at me every morning. It's hard to keep track of them
all. Outlook doesn't help much. But a utility called
Taskline (http://www.taskline.info/ ) gives me a bunch of
tools for organizing and managing them.
It's cool. Not a full-fledged project management package.
Just a little companion that lets me assign start and
finish dates, works around my calendar entries, and helps
me keep on top of deadlines - the bane of the scribbling
class.
Shareware priced at $50, with a 30 day trial period. Check
it out.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
7. KEEP WOW ALIVE AND FREE
If you like the no-nonsense style you see in this
newsletter - the straight scoop, whether Microsoft likes it
or not, dished out in a way that won't put you to sleep -
get one of my books!
"Windows XP All-In-One Desk Reference For Dummies", Hungry Minds
http://www.woodyswatch.com/l.asp?0764515489
"Special Edition Using Microsoft Office XP" with Ed Bott, Que
http://www.woodyswatch.com/l.asp?0789725134
"Special Edition Using Microsoft Office 2000" with Ed Bott, Que
http://www.woodyswatch.com/l.asp?0789718421
"Woody Leonhard Teaches Office 2000", Que
http://www.woodyswatch.com/l.asp?0789718715
ADMINISTRIVIA
If you want to know about subscribing, unsubscribing,
changing your address, making comments, distributing copies
of WOW - or you want to read about how we protect your
privacy, or any of the usual legal mumbo-jumbo, please hop
over to your very own personalized WOW page at
http://woodyswatch.com/info.asp?wow=genegaines@earthlink.net
This copy of WOW was originally sent to genegaines@earthlink.net
ADVERTISING
You, too, can reach the largest group of influential Office
users on the planet for a mere pittance... send a message
to Jan mailto:ads@woodyswatch.com and our ad folks will
send you details.
Woody's Watch happily uses Dundee Internet for all web &
list hosting http://www.dundee.net/isp/default.asp
Woody's OFFICE Watch
Copyright 2002 by Peter Deegan. All rights reserved. ISSN 1328-1674.
======================================================
W-O-O-D-Y-S--O-F-F-I-C-E--W-A-T-C-H
==============End of original message text===========
--
Gene
gene.gaines@gainesgroup.com