Latest image
Recent comments
- iptables entry
21 weeks 4 days ago - Don't download the linked
47 weeks 6 days ago - blue bonnets
1 year 3 weeks ago - I prefer sim city 2000's
1 year 3 weeks ago - fw_laptop on servers
1 year 3 weeks ago
My identi.ca posts
My Other Sites
Creative Commons
Subscribe
Blog:
Podcast:
Photoblog:
Statistics
OpenOffice / OpenDocument and MS Office 2007 / Open XML security
Tue, 2007-01-09 03:26 — Uwe Hermann
Interesting paper from the PacSec 2006 security conference: OpenOffice / OpenDocument and MS Office 2007 / Open XML security (PDF)
Not too surprising when you come to think of it, there are tons of possibilities to embed various kinds of malware in the new office document formats. Also, you always have the risk of leaving sensitive metadata in there... If you publish stuff, you better convert to PDF before. But even that might leave sensitive data in the PDF, mind you!
Oh, and one nice detail you might enjoy:
- OpenDocument specification: 700 pages
- Microsoft's Open XML specification (final draft): 6036 pages!
And that doesn't even describe all of the format (e.g. VBA macros are missing)! No further comment required...
Comments
usual .doc disasters
Yeah and it's really hard to get rid of MS Office. The institution where I am doing my civilian service right now has a webserver hosting a simple html table with all their internal documentation and manuals linked to .doc files probably because most of the people are just used to it.
I suggested a more userfriendly, anti-vendor-lockin wiki solution - see http://dokuwiki.org - some days ago. There is a slight chance as my boss likes collaboration, people thinking for themselves and Linux :)