Ben Langhinrichs

Photograph of Ben Langhinrichs

E-mail address - Ben Langhinrichs







Recent posts

Thu 7 May 2020

Can we get a huzzah for updated Domino Limits?



Wed 29 Apr 2020

A bigger boat: when in Rome



Mon 27 Apr 2020

HCL Notes 11 - Quick Intro to features and enhancements


May, 2020
SMTWTFS
     01 02
03 04 05 06 07 08 09
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28 29 30
31

Search the weblog





























Genii Weblog

Microsoft thinks that .doc, .xls and .ppt files are dangerous

Thu 24 May 2007, 08:38 PM



by Ben Langhinrichs
Tim Anderson has an interesting post about Microsoft's security advisory 937696, which describes how Microsoft is advising users to force conversion between their older binary format documents and OOXML.  This may lead to more security, but it also will have the side effect, if organizations buy into it, of spreading OOXML much more quickly.  As Tim says:
Like Joe Wilcox, I can‘t help wondering whether it was this, rather than security, which has prompted this release.
It might help with PR problems such as wondering where all the OOXML documents are.

Copyright 2007 Genii Software Ltd.

What has been said:


585.1. Philip Storry
(25/05/2007 02:35)

No link to Tim's article?

I found it eventually...

I still think this is complete bunkum. They've closed one potential attack vector - attack by corrupted document structure. But most attacks are probably via malformed data rather than malformed document structure, so having an XML format to gaurantee good structure isn't much help...


585.2. Ben Langhinrichs
(05/25/2007 05:47 AM)

Sorry, I added the link. I agree that this just seems like using the excuse of security to further other objectives.