Tweet
Word hole embarrasses Microsoft: When is a security feature not a security feature?
A hole in Microsoft’s ubiquitous word processing software, Word, makes its much-used security feature superfluous.
The “Protect Document” option in Tools is used when you want to prevent people from making unauthorised changes to specific areas of your document.
The feature allows you to attach a password to a file and so restrict the alteration of data on the page. Large numbers of companies use it to send customers quotes and invoices.
However, CIO of Infineon security subsidiary Guardeonic Solutions, Thorsten Delbrouck, has discovered that with a simple bit of manipulation, the document can be opened up, altered, and given a new password - or the original password so no-one would doubt its authenticity. The method is extremely easy and now posted on the Web.
Microsoft’s response to this potential legal nightmare has been classic Redmond. Informed in November and given until last week to respond, it will not be issuing a fix (presumably because such a fix is impossible).
The “Protect Document” option in Tools is used when you want to prevent people from making unauthorised changes to specific areas of your document.
The feature allows you to attach a password to a file and so restrict the alteration of data on the page. Large numbers of companies use it to send customers quotes and invoices.
However, CIO of Infineon security subsidiary Guardeonic Solutions, Thorsten Delbrouck, has discovered that with a simple bit of manipulation, the document can be opened up, altered, and given a new password - or the original password so no-one would doubt its authenticity. The method is extremely easy and now posted on the Web.
Microsoft’s response to this potential legal nightmare has been classic Redmond. Informed in November and given until last week to respond, it will not be issuing a fix (presumably because such a fix is impossible).
Comment