Microsoft Apologizes To Rival 151
Geoffrey.landis writes "Microsoft apologized to rival software vendor Corel Corp. for saying that Corel's file format posed a security risk, and issued a set of tools to unblock file types that had been blocked by default in the December Office 2003 service pack. In his blog on the Microsoft site, David Leblanc says 'We did a poor job of describing the default format changes.' He goes on to explain, 'We stated that it was the file formats that were insecure, but this is actually not correct. A file format isn't insecure — it's the code that reads the format that's more or less secure.' As noted by News.com, 'it is the parsing code that Office 2003 uses to open and save the file types that is less secure.' Larry Seltzer at pcmag.com also blogs the story."
Wait.... (Score:5, Funny)
Re:Wait.... (Score:5, Funny)
It's a little like your Soviet Union or Bizzarro Universe.
Re: (Score:2, Funny)
You must have woken up in Soviet Russia!
Re: (Score:2)
The Great Continent of Rand McNally [wikipedia.org]
Re: (Score:3, Funny)
Re: (Score:1)
Re: (Score:2, Funny)
Re:Off-topic (Score:1)
Explains a lot, really.
Re:Wait.... (Score:5, Funny)
Re:Wait.... (Score:4, Funny)
Re: (Score:2, Funny)
Why did I read that as:
"Depends. Is everyone around you wearing goatsies"?
Heck, that site has scarred me life.
Breaking news (Score:5, Funny)
Developers, Developers, Developers! (Score:1)
Re: (Score:2)
Re: (Score:3, Funny)
Re: (Score:1)
Unfortunately, there have yet to be sightings of suicidal tentacled strippers.
Re:Wait....for the red pill. (Score:2)
Re:Wait.... (Score:5, Insightful)
Chris Mattern
Re: (Score:2, Interesting)
Re: (Score:2)
Allow me to steal a few million from you, and I will happily apologise, so everything will be ok and forgiven. I have no problem with this new world. Fool.
Re: (Score:2)
restated for those with a sense of humor or who are not ms shills... (well, even a shill can have a sense of humor, right?)
Boiled down (Score:2)
Re:Boiled down (Score:5, Insightful)
It just happens to be that some of their faulty implementations are for reading formats for competing products... You are not permitted to draw any inference from this fact.
Re: (Score:1, Insightful)
* Should they secure the most common ones (i.e. post-Word 6.0) first and issue an update with the common ones secure and leave the rest vulnerable for the rest of the year?
* Should they secure all of them and issue an update all at once, leaving all users vulnerable all year?
* Or should they secure
Re: (Score:2)
What is the worst that Word can do these days ? What's the worst it _should_ be able to do ?
Re: (Score:2)
Re:Boiled down (Score:5, Interesting)
The strategy isn't bad... (Score:1)
Re: (Score:3, Funny)
But a block of wood isn't complete safe. Someone could get hurt by it. So they'd have to release SP1 which adds padding.
Re: (Score:2)
Re: (Score:2)
Re:Boiled down (Score:4, Insightful)
"A file format isn't insecure -- it's the code that reads the format that's more or less secure."
Read it again if you didn't catch it.
=Smidge=
Re: (Score:2)
Business as usual (Score:1)
It took MS 4 years to apologize?
Re:Business as usual (Score:5, Informative)
The blocking of the file formats was from September's Office 2003 Service Pack 3 update. The KB article was probably issued the same time, but it was edited yesterday (and the MSKB doesn't show the original date, just the last review date and the number of times edited).
The apology was yesterday.
File Formats that ARE (Score:2, Insightful)
Oh, wait
Fortunately my various flavors of un*x boxes don't understand what to do with these...
I would love to read the letter Microsoft's legal department got over the December update.
Too bad that won't be made public.
Re: (Score:3, Informative)
Re: (Score:2)
Besides which, my point was that the formats are no more or less secure than their Windows equivalents
Re: (Score:2)
You missed my personal favorite: Windows Metafile [wikipedia.org]
Terrible engineering, that.
Re: (Score:1)
Do you read and interpret the source code of everything you download?
The only difference here is that Windows operating systems have a number of file formats that will execute by default, which, to be honest, make them a little easier to use. Meanwhile, keep on w
So, what changed hands between Microsoft/Corel? (Score:3, Interesting)
Why would Microsoft enable a competitor, and, more ludicrously, apologize if there was no reason to? What's in this for Microsoft? Did Corel pay them a fee? Agree to cede a market? Threaten them with some kind of slam-dunk legal action that Microsoft was on the losing side of? We will probably never know.
Re:So, what changed hands between Microsoft/Corel? (Score:5, Insightful)
Stop them from getting sued? (Score:2)
Likely the apology was a condition of some out of court agreement.
Re: (Score:1, Insightful)
I strongly suspect it has to do with the attempt by Microsoft to get OOXML accepted as a standard.
The strogest feature of ODF is that it is completely open, fully specified, no trade secrets, able to be imp
Re: (Score:1)
http://www.forbes.com/2000/10/03/1003corel.html [forbes.com]
Oh, here's a quote:
"For starters, what becomes of Corel's Linux plans? Corel has poured considerable resources into its Corel Linux operating system and porting its business and graphics applications to Linux. The company has positioned its Linux efforts as the linchpin of its comeback strategy, but there was no mention of Linux on the conference call Monday."
Perhaps a type of non-disparagement agreement, that if MS betrays, Corel Linux
Re: (Score:2)
Anyway, I'm waiting for the real apology, which should go more like: "Dear computer world. We suck. Sorry, we'll go now, and you'll all be better off for it." (And no, that's not childish or disrespectful; it's humor, justified by the companie's past).
Defamation via incompetence (Score:1)
we just didn't realize
we hope we didn't damage your business, we hate it when we do that to our competitors
we're soooooo sorry
hehehehehehhehehehe
Seriously... (Score:1)
Re: (Score:2)
Re: (Score:1)
Re: (Score:3, Informative)
If you ask me, Corel Draw is one good drawing tool, a good partner for Adobe Photoshop. (I'm not a pro at these tools, I just stumble upon them when I rarely need it...)
we're sorry... (Score:5, Insightful)
Re: (Score:2)
Re: (Score:1)
That was great.
that's weird (Score:3, Funny)
Microsoft apologized?! (Score:1)
Microsoft apologized?!
Wait... uhmm...
So ... confused ...
*** BAM! ***
But seriously, does anyone really think this was an accident or expect this to be any better than it was before?
Re:Microsoft apologized?! (Score:5, Insightful)
Re: (Score:2)
Who neutered Microsoft? (Score:5, Interesting)
Admitting FUD is uncharacteristic of Microsoft. Speaking the plain truth means Hell just froze over.
I'm at a loss for words....
Enjoy,
Re: (Score:2)
That quote just makes me want to ask, "And whose 'code' is that....? Whose code is insecure...?" Come on, just say it! It's not 'the code' that's insecure, it's 'your code'.
eBay, you're up. (Score:1)
wow (Score:1)
File formats can't be insecure? (Score:2)
Re: (Score:2)
Re: (Score:2)
The crucial question you're not asking is what is the intended use of the file format. Every file format is intended to be used for something, and once it is stated what that use is, one can ask if the format is secure for its intended purpose.
In my example, the intended purpose makes the format insecure. If I had used plain ASCII to list a bunch of recipes I found online, the format wouldn't be insecure if my purp
Re: (Score:2)
And yet for some odd reason NeoOffice on my Mac can open them just fine with no adverse reaction.
Re: (Score:2)
If we go ahead and assume that "ASCII file format" means a file containing only the printable ASCII characters, then that's pretty open ended. You can store encrypted data in it just fine by encoding that data as "plain text" (e.g. gpg --armor). The same as how binary files can be sent over SMTP, which traditionally only supports 7-bit ASCII. Or you could come up with your own "cypher", known only to you, so an attacker reading the file would see "mybank.com password: foozball" but you'd know that it's a li
Re: (Score:2)
Exactly, that's why I think that _format_ is insecure. It allows entirely unsecured content for any purpose if one so chooses (eg my example).
I use "format" in the sense that there exists a specification which imposes constraints on both the form and the content (ie BNF for the form, and semantic rules for what goes where). I assume you would agree? If I
Re: (Score:2)
Only if such a program can actually decode the file, though. If an attack has to be performed on the system l
Re: (Score:2)
True, but this completely ignores the point of his post: file formats can be insecure, depending upon the metric used to evaluate said security. In MS's case, the format parser is broken. In his example, using a file format sans encryption (or with vulnerable encryption [slashdot.org]) is also insecure:
Re: (Score:3, Insightful)
Re: (Score:2)
If I specified the format to be freeform text, encrypted with a suitably hidden, suitably complex one time pad, then the resulting file format would have to be called secure, no?
Re: (Score:2)
no. Not by itself, at least. You would still need a whole process to securely transport/exchange the keys/one time pad to make it both secure AND useful.
I also believe that's not the point of the "insecure" attribution either: they are likely talking about nasty stuff like buffer overflow, arbitrary execution, privilege escalation, as opposed to the security/privacy of data itself.
Re: (Score:2)
Actually, you might well be right about that. For example, the binary Word format is well known(*) to be pretty close to a serialized memory dump of the Word program's internal object tree.
(*) in case you're trying to reverse engineer the format based on public
Re: (Score:2)
You're changing the argument. The OP never included useful as a metric for evaluation. ;)
How about old Mike? (Score:2)
No shit. (Score:2)
We don't abuse our monopoly... (Score:5, Funny)
Typical Microsoft to me (Score:1)
I wander if Corel can sue Microsoft for this?
Amazing. (Score:5, Insightful)
However, the most entertaining posts on this website, are in cases where Microsoft admits error, or does something "good". We then get to see these same people do logical contortionist routines about how they must have been threatened legally, or baseless conjecturing about what must have been in it for them.
A lot of people here talk a lot about how Microsoft should listen more to the "geek" community. Places like this remind me of precisely why they don't bother.
Slashdot is generally pretty great for my daily fill of tech news. But man oh man, when it comes to Microsoft, any front of being unbiased is quickly cast off.
"kdawson" is probably the worst of the bunch, too.
- Scott
Re: (Score:2)
Some of us are still arguing that file formats can be insecure [slashdot.org].
It may also surprise you that Slashdot is a community composed of individual people. At any given time, a subset of these people have a particular opinion, a further subset feel the need to post, and a separate subset (mutually exclusive with the former subset) feel the need to moderate what other peop
Re: (Score:2)
Re: (Score:2)
- Scott
Mea Culpa (Score:1, Troll)
Now I can see, my assumption was wrong.
By default, these file types are blocked because the parsing code that Office 2003 uses to open and save the file types is less secure. Therefore, opening and saving these file types may pose a risk to you.
It's actually st
Ha! Solution! (Score:2)
attn: rabid linux users: (Score:2)
Who? (Score:2)
It's about time.... (Score:2, Interesting)
[After reading TFA] It is refreshing to see such a direct and honest explanation and rationale [msdn.com]. Even if it isn't exactly front page news, it's much better than the typical PR-filtered triple-speak that tends to get the press. A good reminder that the developers != the company.
Thanks, David.
We're apologizing... (Score:5, Informative)
Chris Mattern
Peace at last! Whew! Celebrate! (Score:2, Funny)
Heh (Score:5, Funny)
My father has that in his My Documents-folder. It contains secret passwords.
Re: (Score:2)
Next up (Score:5, Funny)
Because in Soviet Redmond, the chairs fear YOU!
Seriously, MS has apologized. To a competitor. On a technical subject. Holy friggin WOW. Since god now obviously exists, here's what I'm going to be praying for over the course of the next few years:
-Physics grant gets awarded to grad student who does not have lips wrapped tightly around String Theory schlong
-Dell admits that their computer cases are uglier than your face.
-Apple fanbois shut up. For good. (and I'm typing this on a macbook pro)
-America elects a Good president.
-Myspace creators realize the magnitude of their crime against human civilization and turn themselves in to local authorities.
-I stop wasting my time on slashdot.
That's going a bit far, I think.. (Score:2)
Look, that's really pushing credibility. No way.
Re: (Score:2)
-Myspace creators realize the magnitude of their crime against human civilization and turn themselves into local authorities.
Notice the wording (Score:5, Insightful)
Re: (Score:1)
Boo-hoo.
Nothing Worth Selling (Score:5, Insightful)
Uh, sparky, the assumption that Corel has anything of value to market and sell is a bit of a stretch. They have so mismanaged the brand that it is almost criminal what they did to their office products.
I was a big time WordPerfect user. I tried to stick around through their sale to Novell and lack of effort from them. Later, sold to Corel, the company sat on it and did nothing allowing Microsoft Word to over take it and take over Office Suite dominance. This is what turned MS into the big monster it is now.
Corel should be apologizing to the world.
They took a great product and took a dump on it. This would be like DC turning the Superman franchise over to Alexander Salkind...oh, wait, they did.
Re: (Score:3, Interesting)
The first thing I used after wordperfect 5.1 was Lotus WordPro, since it c
Re: (Score:3, Interesting)
Corel's flagship is CorelDraw, which is a actually a very capable illustration software.
Corel Draw and Corel Photo-Paint used to be on par and sometimes above competitors' products (Adobe Illustrator, Macromedia Freehand; Photo-Paint was at least as capable as Photoshop in 2000).
They stopped innovating. The last Corel Draw suite was released in 2005 (they issued 2 service packs). Photo-Paint remained untouched for years, now lagging behind Photoshop in many areas.
Suc