Comments From: Aleph One
[ This is a wonderful example of the press at work. I was contacted by a Wired staff member last week about this story. Sorry, I don't recall if it was Chris or someone else. At that time they wanted to talk to me and get a quote. They wanted to go to press as soon as possible. I told them I was still looking into the matter and asked if he could call me back in five minutes. He agreed. I knew I had seen this problem before but could not remember where. I looked in the bugtraq archives and could find nothing. I probably saw it while I was subscribed to cypherpunks a long time ago. In any case, I searched the MS KB and found the article talking about the OLE fix. Five minutes later I got a call from the same reporter and I explained to him there was a fix for the problem available for several months. What's more, the fix had been included in the Windows 95 SP1 so most new versions of Win95 should be safe. After being informed of this the reporter decided he no longer had a story and would simply file the information someplace.

Now it is a few days later and we got this article from Wired. There is no mention of the fact that SP1 includes the fix. There is also no mention of how long the fix has been out (months). They said they could not reach MS in time but I know they have been researching this story for days. In any case the problem does not seem to have anything to do with RAM but with the way FAT allocated space for files. So much for accurate reporting. - a1 ]

http://www.wired.com/news/news/technology/story/13342.html

MS Office Leaks Sensitive Data
by Chris Oakes
6:15pm 29.Jun.98.PDT

Microsoft has acknowledged a security vulnerability in its Office application suite that can potentially reveal sensitive data residing on a user's computer.

The bug reveals information that resides in a user's RAM and memory buffers -- such as user IDs and passwords -- when users save Microsoft Word, Excel, and PowerPoint documents.
To access the potentially sensitive information contained inside a document, a user simply has to open the file using a text-editing program such as BBEdit or Windows Notepad.

"I've received numerous emails confirming it in Windows," programmer Mike Morton said last week. Morton, of the ecommerce company DXStorm, recently reported his own experience with the bug to the BugTraq mailing list, which issued an alert last week.

Microsoft (MSFT) says the bug affects users of Excel 7.0, PowerPoint 7.0, and Word 6.0 and 7.0 on the Windows 95 platform.

The bug may be of particular interest to users who attach Office documents in emails, which could reveal the potentially sensitive information to all recipients of the attached document.

Microsoft has released a patch for the bug, which is described as an "OLE Update for Windows 95."

"Due to the way Microsoft Excel, Microsoft PowerPoint, and Microsoft Word for Windows use OLE for file storage, documents created in these programs may contain extraneous data from previously deleted files," the Microsoft site reads.

"This extraneous data is not visible within the document and does not affect your ability to use these programs normally. However, it is possible that legible portions of previously deleted files may be viewable if you examine these document files using Notepad or file-utility software."

The situation could pose security and privacy concerns when these documents are handled electronically, the alert says.

The type of information revealed in Office documents could include the text of telnet sessions when user IDs and passwords are entered to access remote services, the contents of disk directory paths, and the URLs of visited Web sites.

So far, Morton said he hasn't discovered common textual information, such as email content or other sensitive communications. But he doesn't rule that out, either.
Morton said that in analyzing some of the information contained in his company's documents, the information found there -- even in new documents -- looks to be as much as a month old. This suggests that the filler data may even be taken from dormant sections of the hard disk. But mostly he's seen evidence that it comes from memory spaces.

"It looks like [Word] uses a chunk of buffer or RAM memory just to fill out the minimum-size requirements of the document," Morton said. "So pretty much anything that's residing in your memory it's grabbing it and dumping it into the document."

Morton said his company will suspend using Microsoft applications to provide materials to its customers until it has resolved the problem.

The bug does not affect Microsoft Windows NT users, but does affect Word 98 for the MacOS, and no patch for that has been made available.

Microsoft could not be reached for comment in time for this story.
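
A pre-send check for the residue the Microsoft note describes, as an added example (not code from the post, the article or Microsoft): it reads a document's OLE compound-file allocation table and lists printable text found in sectors that table marks as free. It assumes residue sits in such unallocated sectors (slack inside allocated streams is not covered); the function names and the sample bytes are constructed for illustration.

```python
import re
import struct

CFB_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")
FREESECT, ENDOFCHAIN, FATSECT = 0xFFFFFFFF, 0xFFFFFFFE, 0xFFFFFFFD

def free_sector_strings(data, min_len=6):
    """List (sector, text) for printable runs in sectors the FAT marks free."""
    if data[:8] != CFB_MAGIC:
        raise ValueError("not an OLE compound file")
    shift = struct.unpack_from("<H", data, 30)[0]
    if shift not in (9, 12):
        raise ValueError("unexpected sector shift")
    size = 1 << shift
    nsect = len(data) // size - 1            # sector n lives at (n + 1) * size
    fat = []
    # Header DIFAT only (109 FAT sectors); larger files need the DIFAT chain.
    for s in struct.unpack_from("<109I", data, 76):
        if s == FREESECT:
            continue
        if s >= nsect:
            raise ValueError("FAT sector outside file")
        fat.extend(struct.unpack_from("<%dI" % (size // 4), data, (s + 1) * size))
    runs = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    hits = []
    for n in range(min(nsect, len(fat))):    # FAT entries past end of file are ignored
        if fat[n] == FREESECT:
            sector = data[(n + 1) * size:(n + 2) * size]
            hits += [(n, m.group().decode("ascii")) for m in runs.finditer(sector)]
    return hits

def build_sample():
    """Constructed v3 file: sector 0 FAT, 1 directory, 2 and 3 marked free."""
    hdr = bytearray(512)
    hdr[:8] = CFB_MAGIC
    struct.pack_into("<HHHHH", hdr, 24, 0x3E, 3, 0xFFFE, 9, 6)
    struct.pack_into("<II", hdr, 44, 1, 1)                  # 1 FAT sector, directory at 1
    struct.pack_into("<III", hdr, 56, 4096, ENDOFCHAIN, 0)  # cutoff, no mini FAT
    struct.pack_into("<II", hdr, 68, ENDOFCHAIN, 0)         # no DIFAT sectors
    struct.pack_into("<109I", hdr, 76, 0, *([FREESECT] * 108))
    fat = struct.pack("<128I", FATSECT, ENDOFCHAIN, *([FREESECT] * 126))
    directory = b"ALLOCATED DIRECTORY DATA".ljust(512, b"\0")
    residue = b"C:\\TEMP\\NOTES.TXT\0\0login: alice".ljust(512, b"\0")  # constructed
    return bytes(hdr) + fat + directory + residue + bytes(512)

if __name__ == "__main__":
    for sector, text in free_sector_strings(build_sample()):
        print("free sector %d: %r" % (sector, text))
```

An empty result only says the free sectors hold no printable runs of the chosen length; it does not clear the rest of the file.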