Re: Office 2007 documents security question

A

Alun Jones

In article <[email protected]>, "Kevin John
Panzke" <[email protected]> wrote:
>Microsoft Office 2007 Reminder: You Are Under an NDA (Non Disclosure
>Agreement)!
>
>"Howard" <[email protected]> wrote in message
>news:[email protected]
>> In previous versions of MS Office the office documents are stored in a
>> proprietary format. In Office 2007 they have switched to this new open xml
>> format. which is good for user manipulation and other cool stuff you can
>> do with XML. But it also opens the door to potential vandalism. What has
>> been done to protect the integrity and security of the documents? Can a
>> malicious hacker possibly write a script that parses through all documents
>> and add his mark? and Office wouldn't detect it because it's no different
>> than regular user input.


I don't think Howard said anything that we didn't already know.

On a simple response, it's worth noting that the same is true of previous
Office documents - a hacker with appropriate privileges can modify a document
and pass it on as if it's the original.

The answer, in both cases, is to digitally sign the document - that is, to
generate a cryptographic hash of the document's contents, and then encrypt
that hash with your private key, so that everyone can verify that the document
is unchanged from the version you claimed as being approved by you as
'genuine'.

XML already has a standard for digital signatures, even before Microsoft gets
to play with the formats for Office, so I would expect that there would be a
means to sign the documents so as to detect tampering.

Alun.
~~~~

[Please don't email posters, if a Usenet response is appropriate.]
--
Texas Imperial Software | Find us at http://www.wftpd.com or email
23921 57th Ave SE | [email protected].
Washington WA 98072-8661 | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(425)807-1787 | Try our NEW client software, WFTPD Explorer.
 

My Computer

Top