<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2719.2200" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV>
<DIV><FONT face="Courier New"
size=2>======================================================================<BR> L
O W L A N D S - L * 13.SEP.2002 (03) * ISSN 189-5582 * LCSN 96-4226<BR> Web
Site: <</FONT><A href="http://www.lowlands-l.net"><FONT face="Courier New"
size=2>http://www.lowlands-l.net</FONT></A><FONT face="Courier New"
size=2>> Email: </FONT><A href="mailto:admin@lowlands-l.net"><FONT
face="Courier New" size=2>admin@lowlands-l.net</FONT></A><BR><FONT
face="Courier New" size=2> Rules & Guidelines: <</FONT><A
href="http://www.lowlands-l.net/rules.htm"><FONT face="Courier New"
size=2>http://www.lowlands-l.net/rules.htm</FONT></A><FONT face="Courier New"
size=2>><BR> Posting Address: <</FONT><A
href="mailto:lowlands-l@listserv.linguistlist.org"><FONT face="Courier New"
size=2>lowlands-l@listserv.linguistlist.org</FONT></A><FONT face="Courier New"
size=2>><BR> Server Manual: <</FONT><A
href="http://www.lsoft.com/manuals/1.8c/userindex.html"><FONT face="Courier New"
size=2>http://www.lsoft.com/manuals/1.8c/userindex.html</FONT></A><FONT
face="Courier New" size=2>><BR> Archive: <</FONT><A
href="http://listserv.linguistlist.org/archives/lowlands-l.html"><FONT
face="Courier New"
size=2>http://listserv.linguistlist.org/archives/lowlands-l.html</FONT></A><FONT
face="Courier New"
size=2>><BR>=======================================================================<BR> You
have received this because have been subscribed upon request. To
<BR> unsubscribe, please send the command "signoff lowlands-l" as message
<BR> text from the same account to <</FONT><A
href="mailto:listserv@listserv.linguistlist.org"><FONT face="Courier New"
size=2>listserv@listserv.linguistlist.org</FONT></A><FONT face="Courier New"
size=2>> or<BR> sign off at <</FONT><A
href="http://linguistlist.org/subscribing/sub-lowlands-l.html"><FONT
face="Courier New"
size=2>http://linguistlist.org/subscribing/sub-lowlands-l.html</FONT></A><FONT
face="Courier New"
size=2>>.<BR>=======================================================================<BR> A=Afrikaans
Ap=Appalachian B=Brabantish D=Dutch E=English F=Frisian <BR> L=Limburgish
LS=Lowlands Saxon (Low German) S=Scots Sh=Shetlandic
<BR>
V=(West)Flemish Z=Zeelandic
(Zeêuws)<BR>=======================================================================</FONT></DIV>
<DIV><FONT face="Courier New" size=2></FONT> </DIV>
<DIV><FONT face="Courier New" size=2>From: R. F. Hahn <</FONT><A
href="mailto:admin@lowlands-l.net"><FONT face="Courier New"
size=2>admin@lowlands-l.net</FONT></A><FONT face="Courier New"
size=2>><BR>Subject: Administrativa</FONT></DIV>
<DIV><FONT face="Courier New" size=2></FONT> </DIV>
<DIV><FONT face="Courier New" size=2>Folks,</FONT></DIV>
<DIV><FONT face="Courier New" size=2></FONT> </DIV>
<DIV><FONT face="Courier New" size=2>Sorry about the weird mailing
action this weird morning of Friday the 13th. Our LINGUIST hosts must
have changed something in the setup, so I had to fiddle around until I found
away around it.</FONT></DIV>
<DIV><FONT face="Courier New" size=2></FONT> </DIV>
<DIV><FONT face="Courier New" size=2>Talking about "weird," below please find a
software bug warning a friend sent me. Yes, it is genuine, was also
mentioned in the US news this morning. So please be cautious when
receiving attachments.</FONT></DIV>
<DIV><FONT face="Courier New" size=2></FONT> </DIV>
<DIV><FONT face="Courier New" size=2>Regards,</FONT></DIV>
<DIV><FONT face="Courier New" size=2>Reinhard/Ron</FONT></DIV>
<DIV><FONT face="Courier New" size=2></FONT> </DIV>
<DIV><FONT face="Courier New" size=2>===</FONT></DIV>
<DIV><TT><FONT size=2></FONT></TT> </DIV>
<DIV><TT><FONT size=2>Hi, everyone!<BR><BR>I just finished reading this article
on cbsnews.com, quite a credible<BR>source of information. This concerns
anyone using Microsoft Word 97,<BR>2000, or 2002. You may look at the
article on cbsnews.com's web site on<BR>the following pages:<BR><BR></FONT><A
href="http://www.cbsnews.com/stories/2002/08/30/tech/main520370.shtml"
target=_blank><FONT
size=2>http://www.cbsnews.com/stories/2002/08/30/tech/main520370.shtml</FONT></A><BR><A
href="http://www.cbsnews.com/stories/2002/08/30/tech/printable520370.shtml"
target=_blank><FONT
size=2>http://www.cbsnews.com/stories/2002/08/30/tech/printable520370.shtml</FONT></A><BR><BR><FONT
size=2>This may be the most compelling reason yet to give up on
Microsnoot<BR>Windows completely and migrate to Mac or Linix; actually, I do
nearly<BR>all my word processing using WordPerfect 8. For reference, here
is the<BR>article in its entirety.<BR></FONT><BR><FONT size=2>- - - - - - - -
-</FONT></TT></DIV>
<DIV><PRE><TT><FONT size=2></FONT></TT><TT>
<FONT size=2>Security Flaw In Microsoft Word
WASHINGTON, Sept. 13, 2002
Microsoft's flagship word processor has a security flaw that could allow
the theft of computer files by "bugging" a document with a hidden code,
the company disclosed. It was exploring how to fix the problem and
whether to extend the repair to an older version of the software still
used by millions.
The attack begins when a bugged document goes out, usually with a
request to be revised and returned to the sender - a common form of
daily communication. When the document is changed and sent back, the
targeted file accompanies it.
"It has the potential of allowing people to get at data that they are
explicitly not allowed to get to," said Woody Leonhard, who has written
books on Microsoft's Word and Office software.
The flaw would most likely occur in the workplace, where Word is the
most prominent word processing program. Potential targets for theft are
sensitive legal contracts, payroll records or e-mails, either from a
hard drive or computer network, depending on the victim's access to
files.
"The issue appears to affect all versions of Microsoft Word," Microsoft
said in a statement in response to questions by The Associated Press.
"When the investigation is completed, we will take the action that best
serves Microsoft's customers."
Word 97, an earlier version of the program, is most susceptible to the
attack. Microsoft said it is its policy to no longer repair Word 97, but
said the company is still exploring the issue.
A research firm reported in May that about 32 percent of offices have
copies of Word 97 running, according to a survey of 1,500 high-tech
managers worldwide.
Analyst Laura DiDio of the Yankee Group said the companies are taking a
risk by using such old software. But she said Microsoft should correct
the problem because of its severity. "These are paying customers," DiDio
said.
Leonhard said Word 97 users "bought the package with full faith in
Microsoft and its ability to protect them from this kind of exploit."
Word 97 users may be able to get some help from Microsoft's telephone
tech support, company spokesman Casey McGee said. But, referring to
Microsoft engineers, McGee said "there's only so far back they can go."
The flaw involving Word 97 was discovered by Alex Gantman of cellular
phone company Qualcomm and was released on the Internet last month.
An attacker only has to place hidden codes in a Word document, which is
sent to a would-be victim with a request for a response. If the
recipient has Word 97 and revises the Word document, any file sought by
the attacker will be hidden inside the Word document and sent back to
the attacker.
If the intended target uses Word 2000 or 2002, the most recent versions,
the attack will only work if the Word document is printed first before a
reply goes out to the attacker.
After seeing Gantman's work on a public security e-mail forum, Leonhard
found a similar flaw that affects recent Word versions even when a
document is not printed. In this case, the stolen file is visible within
the document, although the attacker can make it hard to find.
Microsoft says that in both security flaws, an attacker would have to
know the exact file name to be stolen and its location. But many
critical files - an address book or saved e-mails, for example - are
usually in obvious or predictable places on every Microsoft Windows
computer.
Microsoft suggests users view hidden codes in every document they open.
In Word 2002, the latest version, that can be done by selecting tools,
options, then checking the "field codes" box. Many companies, however,
use such codes for legitimate and harmless purposes.
Leonhard said that if an attacker tries to steal a very large file, the
victim might notice it when saving or e-mailing the bugged document. A
smaller file might not get that attention.
"It's very much dependent on the greed of the person fishing for a
file," Leonhard said.
(Note: Woody Leonhard is the co-author of "Word 97 Annoyances",
Cambridge: O'Reilly & Associates, Inc., 1997, and other books on
Microsoft Word and Office. - p.b.)
</FONT></TT><FONT face="Courier New" size=2></FONT></PRE><PRE><FONT face="Courier New" size=2>==================================END===================================<BR> * Please submit postings to <</FONT><A href="mailto:lowlands-l@listserv.linguistlist.org"><FONT face="Courier New" size=2>lowlands-l@listserv.linguistlist.org</FONT></A><FONT face="Courier New" size=2>>.<BR> * Postings will be displayed unedited in digest form.<BR> * Please display only the relevant parts of quotes in your replies.<BR> * Commands for automated functions (including "signoff lowlands-l") are<BR> to be sent to <</FONT><A href="mailto:listserv@listserv.linguistlist.org"><FONT face="Courier New" size=2>listserv@listserv.linguistlist.org</FONT></A><FONT face="Courier New" size=2>> or at<BR> <</FONT><A href="http://linguistlist.org/subscribing/sub-lowlands-l.html"><FONT face="Courier New" size=2>http://linguistlist.org/subscribing/sub-lowlands-l.html</FONT></A><FONT face="Courier New" size=2>>.<BR> * Please use only Plain Text format, not Rich Text (HTML) or any other<BR> type of format, in your submissions<BR>=======================================================================</FONT></PRE></DIV></DIV></BODY></HTML>