Warning: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in ..../includes/class_bbcode.php on line 2962
Flaw found in Office encryption
Results 1 to 2 of 2

Thread: Flaw found in Office encryption

  1. #1
    Join Date
    Aug 2004
    Toronto, Canada
    Flaw found in Office encryption
    The data protection feature in Microsoft Word and Excel documents has a major flaw that could allow snoopers to decode password-protected files, a security researcher has warned.

    The problem arises because Microsoft programmers did not implement the encryption correctly in its Office applications, Hongjun Wu, a cryptographer at the Institute of Infocomm Research in Singapore, wrote in a paper on the topic.

    "A lot of information could be retrieved from those encrypted files," Wu said in the paper. "If anyone has used the encryption in Microsoft Office...then it is time for him/her to assess the damage that has been caused."

    Microsoft said Thursday that it has begun investigating the flaw.

    "Our early investigation indicates that this issue poses a very low threat for customers," Microsoft said in a statement sent to CNET News.com. "In some cases, an attacker may be able to read the contents of an encrypted file, if multiple versions of that file are available to the attacker. The attacker would need to have access to two distinct files with the same name that are protected by the same password in order to attempt to exploit the vulnerability."

    In the world of cryptographers, encryption schemes that encode more than one message using the same key are seen as flawed. That's because a comparison of the information in the encrypted messages can significantly shorten the search for the correct key to unlock the messages.

    The Microsoft Office flaw is the latest issue that Microsoft has had with implementing encryption in its products. Security researchers have taken the company to task repeatedly in the past for the weak passwords in previous versions of the Windows operating system. Moreover, the company was at the center of a debate in 1999 on whether the code keys central to Windows NT security were actually secure.

    The current issue is almost identical to the weak system key issue in 1999, said Bruce Schneier, chief technology officer of Counterpane Internet Security and author of "Applied Cryptography."

    "This is a kindergarten crypto mistake," Schneier said. "And to make it twice is worse."

    Schneier, who wrote about the issue on his blog earlier this week, hammered at Microsoft for not learning from past mistakes.

    Source: CNet

  2. #2
    Senior Member
    Join Date
    Jan 2005
    Bad bad Microsoft :P

Similar Threads

  1. How to remove the encryption in windows XP Folder/
    By asiaenforcer in forum Windows - General Topics
    Replies: 1
    Last Post: 08-03-2006, 02:27 AM
  2. Slackware 10.2 and Disk Encryption
    By vwgtiturbo in forum Linux - Software, Applications & Programming
    Replies: 0
    Last Post: 04-26-2006, 04:01 AM
  3. WiFI WEP encryption conundrum
    By jro in forum Linux - Software, Applications & Programming
    Replies: 0
    Last Post: 06-20-2005, 05:13 PM
  4. linux security with encryption
    By sadique in forum Linux - Software, Applications & Programming
    Replies: 2
    Last Post: 05-17-2004, 07:52 PM
  5. file encryption on linux
    By gsanand in forum Linux - General Topics
    Replies: 3
    Last Post: 12-16-2002, 11:14 PM


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts