Comment tuer un réseau décentralisé (tel que le Fediverse) - #GAFAM #Meta #Threads #Fediverse #Google #XMPP #Microsoft #OOXML
https://grenoble.ninja/comment-tuer-un-reseau-decentralise-tel-que-le-fediverse
2 Likes
3 Shares
Comment tuer un réseau décentralisé (tel que le Fediverse) - #GAFAM #Meta #Threads #Fediverse #Google #XMPP #Microsoft #OOXML
https://grenoble.ninja/comment-tuer-un-reseau-decentralise-tel-que-le-fediverse
Five computer researchers from Ruhr University Bochum in Germany – Simon Rohlmann, Vladislav Mladenov, Christian Mainka, Daniel Hirschberger, and Jörg Schwenk – describe this sorry state of affairs in a paper titled: “Every Signature is Broken: On the Insecurity of Microsoft Office’s OOXML Signatures.” They were able to identify five ways to attack vulnerable documents to alter their contents and forge signatures.
The paper is scheduled to be presented at the USENIX Security Symposium in August.
And with Microsoft Office for macOS, document signatures simply weren’t validated at all. The researchers found they could add an empty file named sig1.xml to an OOXML package – which consists of multiple zipped files – and the Office for Mac would show a security banner proclaiming that the document was protected by a signature.
“The attacks’ impact is alarming: attackers can arbitrarily manipulate the displayed content of a signed document, and victims are unable to detect the tampering,” the authors explain in their paper.
Microsoft, they claim, acknowledged the findings and awarded a bug bounty, but “has decided that the vulnerabilities do not require immediate attention.” And the researchers say they’ve not heard from OnlyOffice since October 2022.
See https://www.theregister.com/2023/06/13/office_open_xml_signatures/
#Blog, #microsoft, #OOXML, #security, #technology
#IBM is using #OOXML here https://gitlab.com/dpocock/wemakefedora-facts remember when IBM promoted #opendocument format (ODF)? #fedora #slapp
#microsoft committed crimes for #ooxml and now we waste time/effort paying for that crime of the criminals from Microsoft https://dev.blog.documentfoundation.org/2022/01/26/regression-fix-missing-lines-in-docx/ see http://techrights.org/ooxml-abuse-index/
#Microsoft -Captured #USPTO Doubles the Fines for #Patent Applicants That Don’t Use Microsoft http://techrights.org/2021/11/20/microsoft-captured-uspto/ #ooxml @zoobab
The latest from the #USPTO , based on a communication from yesterday afternoon, may serve to suggest the blowback is growing and applicants aren’t happy to be forced to use #Microsoft ’s #OOXML (or face severe penalties) http://techrights.org/2021/11/20/microsoft-captured-uspto/
#Microsoft -Captured #USPTO Doubles the Fines for #Patent Applicants That Don't Use Microsoft http://techrights.org/2021/11/20/microsoft-captured-uspto/ #Patents #ooxml
#ooxml has #libreoffice chasing #ProprietarySoftware fake 'standards' https://vmiklos.hu/blog/sw-linked-styles.html
Agents of Monopoly: #WIPO is Lobbying for or Reinforcing #Microsoft Monopoly by Pushing Its Proprietary Software and Formats • 𝔗𝔢𝔠𝔥𝔯𝔦𝔤𝔥𝔱𝔰 ⚓ http://techrights.org/2021/09/21/wipo-microsoft-ooxml/ ䷉ #Techrights #ooxml #FreeSW | ♾ Gemini address: gemini://gemini.techrights.org/2021/09/21/wipo-microsoft-ooxml/
Relatively decent coverage of #LibreOffice but much focus is wrongly put on #microsoft and #ooxml instead of #freesw and real, open #standards http://www.tuxmachines.org/node/154674
After #microsoft committed endless crimes for #ooxml the #libreoffice projects needs to clean up a mess. https://blog.documentfoundation.org/blog/2021/07/29/fixing-an-interoperability-bug-in-libreoffice-missing-lines-from-docx-part-1-3/ see http://techrights.org/ooxml-abuse-index/