Toolkit
Story: 'Unfixable' Word password hole exposed
Posted by: Mike Junkin (Thursday 8 January 2004, 12:13 AM)
Delbrouck's example is perfrect!
"What happens, asked Delbrouck, if Dell sends him an offer, he uses the hack to modify the offer in his favour, then signs it and faxes it back? "
I'm not even going to bother delving into the obvious result - Delbrouck goes to jail for fraud.
Instead lets change the scenario only slightly and say Dell used a locked PDF instead. So Delbrouck makes his own PDF that looks just lke the original except he lowers the quote and locks it with his own password. How can dell prove they didn't send him the altered PDF?
Strong encryption, by itself, does nothing to help prevent his fraud. And, as a 'security expert' Delbrouck should know better.
The fact that he used this lame example raises more questions than his trumpted up security hole.
Full Talkback thread
Story: 'Unfixable' Word password hole exposed
-
Office documents have never been secure, for years... Mark -
I forgot the password of my Doc file can anyo... Stephen -
Delbrouck's example is perfrect!
"What happens, as... Mike Junkin -
Since the days of tip-ex and photocopiers, we have... Kay
-
This whole discussion about passwords is *way* ove... Jim Beveridge
-
What sombody at some security company figures out... Justin
-
Possibly already known. I opened a "protected" wo... David J
-
I have a Word doc with a 'read-only embedded... Peter Carre
