Bonum Certa Men Certa

Taking Microsoft OOXML to Task

Any Windows/Office debuggers in the audience?

The following is a reproduction of a new post from Rex Ballard (I started this discussion thread), whose previous post we quoted the other day.




Message-ID: <31a66169-d9e7-4715-9e9e-e3488ebd36a9@25g2000hsx.googlegroups.com> From: Rex Ballard <rex.ballard@gmail.com> Newsgroups: comp.os.linux.advocacy Subject: Re: Leaked ISO Document Reveals Crooked ISO Amid MS OOXML Corruptions Date: Sat, 12 Jul 2008 08:20:23 -0700 (PDT)

[...]

ODF is a comprehensive document that provides detailed specifications from the high level document content down to the smallest elements of scalable vector graphics. There are some "standard" mime object types that are supported, such as PNG and JPEG, but other embedded formats must be installed using plug-ins which have to be authenticated by the user and by the system at installation time, and cannot be installed by the content. Furthermore, the installed content can easily be identified as trustworthy or not, and can be restricted in it's capabilities.

OpenXML on the other hand, is a high-level specification which describes the high level envelopes used to embed binary objects which are included in the content. The content itself contains the binary code which can call any function in any Microsoft library and has all permissions of the person opening the document. If a user account is set up as "Administrator", then the application can mess with the registry, create, download, and hide files, can execute applications in those files, can install any number of new viruses, and generally wreak havoc on the system.

I'll leave it to others to document the exact details (as I said, I'm busy these days), but I'm sure anyone who tries to publish these vulnerabilites will probably find themselves getting the same treatment that Tracy Reed of Ultraviolet.org got when he tried to publish his warnings about ActiveX controls back in 1997. Microsoft got a court injunction against him, and forced him to take down the content, claiming that it was being used to encourage hacking, and was damaging the Microsoft brand.

“I got a couple of docx documents and had trouble getting them to open, even with the plug-in for Office XP. Next thing I know, I get a notice from my registry auditor that I have 1300 new registry errors.”Over the last 10 years, we've seen these very same techniques, documented back in 1997, used widely to spread viruses including Melissa, Nimda, Sky, BugBear, and about 250,000 other viruses, worms, and malware, not including spy-ware and other "Microsoft Authorized" invasions of our privacy.

I got a couple of docx documents and had trouble getting them to open, even with the plug-in for Office XP. Next thing I know, I get a notice from my registry auditor that I have 1300 new registry errors. And suddenly, my PC is churning the disk-drive and the network connection at 3:00 AM (I'm getting old and have to get up), and the network shows that I'm uploading something at full speed, even though my computer is supposedly sleeping.

It isn't a back-up program that I'm running.

I would encourage COLA readers and OSS advocates to explore this in more detail.

get someone with Office 2007 to send you a docx file. unzip it using pkzip or winzip or unzip.

look at the binary files.

replace one binary object with another.

zip up the document,

see if your office-2007 user can read the "enhanced" document.

For those of you with OLE programming skills, create an OLE object that creates a file, and e-mails that file to you using smtp.

Send a document with this new ole object embedded (along with the others) and see if you get an e-mail.

I haven't tried this, and I don't know if it will work. I'm not sure how hard it would be to make it work. I just think it might be an interesting project worth investigating, especially if you are considering the migration of a few thousand users to Vista and Office 2007.

I'd love to see what the results turn out to be. After all, if it's that easy to take control of a recipient's machine just by sending them a "trusted" Word, Excel, or PowerPoint attachment, just think how much chaos a really aggressive malicious hacker, with a goal of obtaining marketable information about your business, could do.




Does ISO really want to approve such a 'virus'? As an international standard even? If someone tests the above, please post the outcome here or elsewhere. It would prove invaluable.

The last time a chain of ISO problems was cited, Ian Easson challenged an argument from Groklaw. He might wish read the following lengthy follow-up. ISO is in a deeper puddle of mud than before.

Brazil is a P member of SC 34, so according to my reading of the clause, it has the right to appeal if any of the three above issues apply, and arguably they all do. According to South Africa, if the issue is ISO's reputation, or if there is a matter of principle involved, Brazil can appeal. Even point three could apply, in that Brazil raises matters such as incorrect tabulation of votes, which, if true, one would hope ISO wasn't aware of.

[...]

Why did they bother to go, one might ask? Why vote, if votes disappear from the record? By my reading, Brazil paints a picture of an orchestrated event, tilted away from criticism or a negative result and a refusal to give substantive consideration to issues delegates wanted to discuss, due to time constraints Brazil calls arbitrary, and worse.


For details about the BRM in question, see [1, 2, 3, 4, 5, 6, 7, 8] and have your jaw sink to the floor. It was a bad plan from the get-go [1, 2, 3, 4, 5], but Emperor Microsoft was in a hurry and it even used its lobbyist Jan Van Den Beld to change the rules 'on the fly'.

OOXML protests in India
From the Campaign for Document Freedom

Recent Techrights' Posts

[Meme] Community of People to be Exploited, Then Thrown Away, Left Behind or Even Slandered
Debian.org front page
Alexandre Oliva's FSF disposition
During my recent trip for LibrePlanet, I was fortunate to have, or at least start, long conversations with nearly everyone in FSF staff
One More (Failed) Attempt to Deplatform the Sites by Harassing and Threatening Webhosts
What we're seeing here is a person who abuses the system in Canada at Canadian taxpayers' expense trying to do the same in the UK, at British taxpayers' expense
12 Days Have Passed Since the Edward Brocklesby Revelations and Debian Project Has Said Absolutely Nothing About That
One must therefore assume they have nothing to say in their defence (covering up severe security failings)
 
[Meme] KISS, not SAAS
Gemini Protocol turns 5 in exactly 2 days
Hostageware: The Threat of Clown Computing (or 'SaaS', Another Misnomer or Buzzword) to Computer Users Everywhere
This problem isn't limited to Free software adopters
Jean-Pierre Giraud, Possible Forgeries & Debian: elections, judgments, trademark already canceled, archaeologist
Reprinted with permission from Daniel Pocock
Six on the Beach: After Losing Six Continents Microsoft is Losing Oceania Too
Based on the 6- or 7-continent view of the world
Links 17/06/2024: Mass Layoffs Accelerating in Tech, Concerns About Impact of the Net
Links for the day
Gemini Links 17/06/2024: Hyprland Analysed and No Use for Betrusted
Links for the day
Microsoft Can Never Make a Comeback Anymore, the Community is Shutting It Out
We're relying on the real community, not fake ones or coopted ones
The World is Becoming (or Has Already Become) Linux
An intercontinental success story
Georgia: Bing Share Fell by Half Since 'Bing Chat' (LLM Hype), Fell Behind Yandex As Well
Georgia's situation is interesting
[Meme] SPI and 'FSFE': Sponsored by Microsoft to...
women's instincts do not matter to these strongmen
[Meme] Shitburger of an LLM
IBM and the Hololens
Links 17/06/2024: Chatbot Nonsense Thrown Under the Bus (Severe Failure, Pure Hype), How to Finance Free Software 'Hackers'
Links for the day
Debian's Personal Attacks Are Upsetting Women, Too
Female Debian Developer: "I Believe Daniel [Pocock] is On the Right Track."
Microsoft's Bing is So Irrelevant in Moldova (1%) That Russia's Yandex is About 5 Times Bigger
How much longer before Microsoft throws in the towel?
Yes, You Can
Unless you live somewhere like Russia...
[Meme] Listen to the Experts
Bill Gates didn't even finish university]
Roy and Rianne's Righteously Royalty-free RSS Reader (R.R.R.R.R.R.) and the Front-End Interfaces
As the Web deteriorates the availability, quality and prevalence of RSS feeds is not improving, to put it mildly
Algeria Shows High GNU/Linux and Android Adoption, All-Time High and Almost Three-Quarters of Web Requests
GNU/Linux was below 3%, now it is above 3%
Mass Layoffs at Microsoft-owned GitHub (About 80 Percent of the Staff in India Laid Off)
It's not just in India
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, June 16, 2024
IRC logs for Sunday, June 16, 2024
Gemini Links 16/06/2024: Scarecrows, Moles, Ham Radio, and No IPs
Links for the day
Africa is Android and Green (Chrome, Not Just Android Logo)
In Africa Firefox is almost below 1% now
Coercion From the "Consent" and "CoC" Crowd is a Self-Defeating Tactic
Freedom of the press; Nothing less
Covering Abuses and Corruption
We'll never surrender to blackmail
According to statCounter, GNU/Linux Increased From 3.77% to 3.89% This Month (Worldwide), Windows Now Below 20% in 78 Nations, Below 10% in 27 Nations
Highest since March (for GNU/Linux)
Ubuntu Running Out of Energy
Its planet too is deteriorating
Links 16/06/2024: In Defence of Email and Why Recycling Symbol Lost All Meaning
Links for the day
Gemini Links 16/06/2024: Computer Science Course Union and Potentiometer
Links for the day
Cross border crime: sale of Swiss insurance in France and European Union without authorisation
Reprinted with permission from Daniel Pocock
Letting Microsoft systemd Manage /home Was a Terrible Idea All Along
systemd-tmpfiles, deleting /home
Patriotism is OK, But We Need Facts and Reason, Not Blind Obedience to Authority
Very seldom in the history of human civilisation has groupthink proven to be of real merit
When You Touch One of Us You Touch All of Us
We have a principled, uncompromising stance on this matter
Links 16/06/2024: New Sanctions Against Russia, Fentanylware (TikTok) Causing More Problems
Links for the day
Social Control Media in Japan: Twitter (X) Has Collapsed, YouTube Rising (Apparently)
What a genius Mr. Musk is!
Windows Cleansed in South Africa (Already Hovering Around 10% Market Share)
Plus Microsoft's mass layoffs in Africa
[Meme] Satya Nadella's Windows PC RECALLS Not What He Did
Satya got lucky
Usage of Let's Encrypt in Geminispace Has Collapsed (That's a Good Thing!)
Ideally, or eventually, all capsules will sign their own certificates or have their own CA
North Macedonia: Windows Down From 99.2% to 28.5%
Last year it was even measured at 26%
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, June 15, 2024
IRC logs for Saturday, June 15, 2024
Gemini Links 16/06/2024: Hand Held Maneuvering Unit and Hugo Static Files
Links for the day