Ralph Reimöller said:
My wife has forgotten the password for a word-file. How can she open the
file.
a group I subscribe to has warned us about an easy hack to disable passwords
it is
Microsoft Word documents that use the software's built-in password
protection to avoid unauthorised editing can easily be modified using a
relatively simple hack that was published on a security Web site last
Friday.
The link to it is
http://www.securityfocus.com/archive/1/348692/2004-01-02/2004-01-08/0
Maybe this will help
The password-protection feature in Microsoft Word -- activated by clicking
on Tools/Protect Document -- can be bypassed, disabled or deleted at will,
with the help of a simple programming tool called a hex editor. The hack
does not leave a trace, meaning an unauthorised user could remove the
password protection from a document, edit it, and then replace the original
password.
Microsoft was informed about the vulnerability in late November by Thorsten
Delbrouck, chief information officer of Guardeonic Solutions, which is a
subsidiary of German security specialist Infineon Technologies. In early
December, Microsoft denied there was a problem because, the company said,
the password-protection feature is not intended to provide "fool-proof
protection for tampering or spoofing" but is "merely a functionality to
prevent accidental changes of a document".
This view is questioned by Delbrouck, who told ZDNet UK that the "feature"
poses serious legal implications for companies. He explained that one of his
company's hardware suppliers is Dell, which emails its quotes on a form
protected-Word document. What happens, asked Delbrouck, if Dell sends him an
offer, he uses the hack to modify the offer in his favour, then signs it and
faxes it back? "We would probably end up in court and an expert would
probably look at the original document and say, 'this document is protected
by a password that the customer could not have known. It has not been
modified because the protection is still active and the document still has
its original password,'" Delbrouck said.
Following Delbrouck's revelations, Microsoft updated its Knowledge Base
article 822924, titled "Overview of Office features that are intended to
enable collaboration and that are not intended to increase security" to
include the following warning to users: "When you are using the 'Password to
Modify' feature, a malicious user may still be able to gain access to your
password."
Delbrouck said there is no solution to the problem. Instead of using the
protect feature, he advises companies sending sensitive information to use
digital signatures or a different document format altogether, such as
Adobe's PDF, which he has recommended to Dell in Germany.
Microsoft was not available for comment.
Wow, why am I not surprised
from Doug Thomas
Welland, Ontario
