Microsoft Apologizes To Rival 151
Geoffrey.landis writes "Microsoft apologized to rival software vendor Corel Corp. for saying that Corel's file format posed a security risk, and issued a set of tools to unblock file types that had been blocked by default in the December Office 2003 service pack. In his blog on the Microsoft site, David Leblanc says 'We did a poor job of describing the default format changes.' He goes on to explain, 'We stated that it was the file formats that were insecure, but this is actually not correct. A file format isn't insecure — it's the code that reads the format that's more or less secure.' As noted by News.com, 'it is the parsing code that Office 2003 uses to open and save the file types that is less secure.' Larry Seltzer at pcmag.com also blogs the story."
File Formats that ARE (Score:2, Insightful)
Oh, wait
Fortunately my various flavors of un*x boxes don't understand what to do with these...
I would love to read the letter Microsoft's legal department got over the December update.
Too bad that won't be made public.
we're sorry... (Score:5, Insightful)
Re:Boiled down (Score:5, Insightful)
It just happens to be that some of their faulty implementations are for reading formats for competing products... You are not permitted to draw any inference from this fact.
Re:So, what changed hands between Microsoft/Corel? (Score:5, Insightful)
Re:Microsoft apologized?! (Score:5, Insightful)
Re:Boiled down (Score:4, Insightful)
"A file format isn't insecure -- it's the code that reads the format that's more or less secure."
Read it again if you didn't catch it.
=Smidge=
Nothing Worth Selling (Score:5, Insightful)
Uh, sparky, the assumption that Corel has anything of value to market and sell is a bit of a stretch. They have so mismanaged the brand that it is almost criminal what they did to their office products.
I was a big time WordPerfect user. I tried to stick around through their sale to Novell and lack of effort from them. Later, sold to Corel, the company sat on it and did nothing allowing Microsoft Word to over take it and take over Office Suite dominance. This is what turned MS into the big monster it is now.
Corel should be apologizing to the world.
They took a great product and took a dump on it. This would be like DC turning the Superman franchise over to Alexander Salkind...oh, wait, they did.
Re:File formats can't be insecure? (Score:3, Insightful)
Amazing. (Score:5, Insightful)
However, the most entertaining posts on this website, are in cases where Microsoft admits error, or does something "good". We then get to see these same people do logical contortionist routines about how they must have been threatened legally, or baseless conjecturing about what must have been in it for them.
A lot of people here talk a lot about how Microsoft should listen more to the "geek" community. Places like this remind me of precisely why they don't bother.
Slashdot is generally pretty great for my daily fill of tech news. But man oh man, when it comes to Microsoft, any front of being unbiased is quickly cast off.
"kdawson" is probably the worst of the bunch, too.
- Scott
Re:So, what changed hands between Microsoft/Corel? (Score:1, Insightful)
I strongly suspect it has to do with the attempt by Microsoft to get OOXML accepted as a standard.
The strogest feature of ODF is that it is completely open, fully specified, no trade secrets, able to be implemented by any party. It is therefore arguably "future proof"
OOXML has come under HEAVY criticism for not providing the same capability
http://en.wikipedia.org/wiki/Office_Open_XML#Technical_criticisms [wikipedia.org]
Microsoft just provided yet another excellent example of lack of "future proofing" in their formats. Now you cannot open files that you used to be able to open.
This incident is not at all a "good look" for Microsoft to have just as their OOXML format is coming up again for consideration as an ISO standard.
Re:Boiled down (Score:1, Insightful)
* Should they secure the most common ones (i.e. post-Word 6.0) first and issue an update with the common ones secure and leave the rest vulnerable for the rest of the year?
* Should they secure all of them and issue an update all at once, leaving all users vulnerable all year?
* Or should they secure the most common ones first, issue an update that secures the common ones and disables the uncommon ones, then at the end of the year issue an update that secures and re-enables the uncommon ones?
I'm pretty sure that Theo de Raadt would immediately audit the code everybody depends on, then disable the rest until an audit is complete. Of course everybody on
Remember, these parsers were written back when the worst a bad
And don't think every other program out there doesn't have similar bugs. I have no doubt you could effectively attack Lotus 1-2-3 too, but nobody does because it's easier to write an exploit than it is to find a Lotus user. Unix programs are notoriously [64.233.169.104] bad [64.233.169.104] in this regard also.
dom
Re:Wait.... (Score:5, Insightful)
Chris Mattern
Notice the wording (Score:5, Insightful)