07.12.08


Taking Microsoft OOXML to Task

Posted in ISO, Microsoft, Open XML, OpenDocument, Security at 2:13 pm by Dr. Roy Schestowitz

Any Windows/Office debuggers in the audience?

The following is a reproduction of a new post from Rex Ballard (I started this discussion thread), whose previous post we quoted the other day.


Message-ID: <31a66169-d9e7-4715-9e9e-e3488ebd36a9@25g2000hsx.googlegroups.com>
From: Rex Ballard <rex.ballard@gmail.com>
Newsgroups: comp.os.linux.advocacy
Subject: Re: Leaked ISO Document Reveals Crooked ISO Amid MS OOXML Corruptions
Date: Sat, 12 Jul 2008 08:20:23 -0700 (PDT)

[...]

ODF is a comprehensive document that provides detailed specifications
from the high level document content down to the smallest elements of
scalable vector graphics. There are some “standard” mime object types
that are supported, such as PNG and JPEG, but other embedded formats
must be installed using plug-ins which have to be authenticated by the
user and by the system at installation time, and cannot be installed
by the content. Furthermore, the installed content can easily be
identified as trustworthy or not, and can be restricted in its
capabilities.

OpenXML on the other hand, is a high-level specification which
describes the high level envelopes used to embed binary objects which
are included in the content. The content itself contains the binary
code which can call any function in any Microsoft library and has all
permissions of the person opening the document. If a user account is
set up as “Administrator”, then the application can mess with the
registry, create, download, and hide files, can execute applications
in those files, can install any number of new viruses, and generally
wreak havoc on the system.

I’ll leave it to others to document the exact details (as I said, I’m
busy these days), but I’m sure anyone who tries to publish these
vulnerabilities will probably find themselves getting the same
treatment that Tracy Reed of Ultraviolet.org got when he tried to
publish his warnings about ActiveX controls back in 1997. Microsoft
got a court injunction against him, and forced him to take down the
content, claiming that it was being used to encourage hacking, and was
damaging the Microsoft brand.

Over the last 10 years, we’ve seen these very same techniques,
documented back in 1997, used widely to spread viruses including
Melissa, Nimda, Sky, BugBear, and about 250,000 other viruses, worms,
and malware, not including spy-ware and other “Microsoft Authorized”
invasions of our privacy.

I got a couple of docx documents and had trouble getting them to open,
even with the plug-in for Office XP. Next thing I know, I get a
notice from my registry auditor that I have 1300 new registry errors.
And suddenly, my PC is churning the disk-drive and the network
connection at 3:00 AM (I’m getting old and have to get up), and the
network shows that I’m uploading something at full speed, even though
my computer is supposedly sleeping.

It isn’t a back-up program that I’m running.

I would encourage COLA readers and OSS advocates to explore this in
more detail.

get someone with Office 2007 to send you a docx file.
unzip it using pkzip or winzip or unzip.

look at the binary files.

replace one binary object with another.

zip up the document,

see if your office-2007 user can read the “enhanced” document.

For those of you with OLE programming skills, create an OLE object
that creates a file, and e-mails that file to you using smtp.

Send a document with this new ole object embedded (along with the
others) and see if you get an e-mail.

I haven’t tried this, and I don’t know if it will work. I’m not sure
how hard it would be to make it work. I just think it might be an
interesting project worth investigating, especially if you are
considering the migration of a few thousand users to Vista and Office
2007.

I’d love to see what the results turn out to be. After all, if it’s
that easy to take control of a recipient’s machine just by sending
them a “trusted” Word, Excel, or PowerPoint attachment, just think how
much chaos a really aggressive malicious hacker, with a goal of
obtaining marketable information about your business, could do.


Does ISO really want to approve such a ‘virus’? As an international standard even? If someone tests the above, please post the outcome here or elsewhere. It would prove invaluable.
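
The inspection step the quoted post describes (unzipping a .docx and looking at its binary files) can be done without opening the document in Office. The following added example, which is not part of the original post or of this blog, inventories the parts of an OOXML package and flags OLE compound files by their signature; the function names and the sample package are constructed for illustration.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # OLE2 compound file signature
TEXT_SUFFIXES = (".xml", ".rels")              # parts expected to be plain XML

def classify(name, head):
    """Label one package part from its name and its first bytes."""
    if head.startswith(OLE_MAGIC):
        return "ole-compound"   # checked first so a renamed OLE file is still caught
    if name.lower().endswith(TEXT_SUFFIXES):
        return "xml"
    if head.startswith(b"\x89PNG") or head.startswith(b"\xff\xd8\xff"):
        return "image"
    return "other-binary"

def inventory(package):
    """Map each part of an OOXML zip (path or file object) to its label."""
    report = {}
    with zipfile.ZipFile(package) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as part:
                report[info.filename] = classify(info.filename, part.read(8))
    return report

def needs_review(report):
    """Parts a reviewer should inspect before the file is opened in Office."""
    return sorted(n for n, kind in report.items()
                  if kind in ("ole-compound", "other-binary"))

def build_sample():
    """Constructed sample package (not a real document) for demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/media/image1.png", b"\x89PNG\r\n\x1a\n" + b"\0" * 8)
        zf.writestr("word/embeddings/oleObject1.bin", OLE_MAGIC + b"\0" * 504)
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for name, kind in inventory(build_sample()).items():
        print(f"{kind:14} {name}")
```
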

The last time a chain of ISO problems was cited, Ian Easson challenged an argument from Groklaw. He might wish to read the following lengthy follow-up. ISO is in a deeper puddle of mud than before.

Brazil is a P member of SC 34, so according to my reading of the clause, it has the right to appeal if any of the three above issues apply, and arguably they all do. According to South Africa, if the issue is ISO’s reputation, or if there is a matter of principle involved, Brazil can appeal. Even point three could apply, in that Brazil raises matters such as incorrect tabulation of votes, which, if true, one would hope ISO wasn’t aware of.

[...]

Why did they bother to go, one might ask? Why vote, if votes disappear from the record? By my reading, Brazil paints a picture of an orchestrated event, tilted away from criticism or a negative result and a refusal to give substantive consideration to issues delegates wanted to discuss, due to time constraints Brazil calls arbitrary, and worse.

For details about the BRM in question, see [1, 2, 3, 4, 5, 6, 7, 8] and have your jaw sink to the floor. It was a bad plan from the get-go [1, 2, 3, 4, 5], but Emperor Microsoft was in a hurry and it even used its lobbyist Jan Van Den Beld to change the rules ‘on the fly’.

OOXML protests in India
From the Campaign for Document Freedom
