Theater security

by Volker Weber

Thorsten Delbrouck describes in this SecurityTracker post how to bypass Microsoft Office security features:

1.) Open a protected document in MS Word
2.) Save as "Web Page (*.htm; *.html)", close Word
3.) Open html-document in any Text-Editor
4.) Search "" tag, the line reads something like that: <w:UnprotectPassword>ABCDEF01</w:UnprotectPassword>
5.) keep the "password" in mind
6.) Open original document (.doc) with any hex-editor
7.) search for hex-values of the password (reverse order!)
8.) Overwrite all 4 double-bytes with 0x00, Save, Close
9.) Open document with MS Word, Select "Tools / Unprotect Document" (password is blank)

This is about the same level of security as the Notes client provides when locally enforcing the ACL. This can also be removed:

1. Open database in any hex-editor.
2. Find the range of bits between offset 0x16c and 0x1a7.This is the ACL.
3. Set any that aren't 00 to be 00.
4. Save the database.

Notes however does provide real security: Encryption.

Comments

Here's another way to get to the contents of a local database where the ACL is locally enforced:

Rename the nsf to ntf, copy it to your local data directory and use this as a template to create a new database. This will have all design elements and documents of the original db and you have manager access to it.

Indeed this doesn't enable you to edit documents in the original file but at least to see the contents of it.

Oliver Regelmann, 2004-01-04

I tried this Word thing, but didn't quite succeed...
I have a Word form from a client, which is supposed to become a project proposal. Since the form is designed for internal project proposals while I am doing an external one, I need to change some details. I already retrieved an unprotected version, but out of curiosity I wanted to check this out.
Saving the document as a web page, Word alerts me, that besides a text formating loss the form protection will be lost and I can continue or cancel. Continuing I cannot locate the mentioned tag in the resulting HTML file.
Any ideas on this?

Ragnar Schierholz, 2004-01-04

Simpler local ACL enforcement defeat strategy: change IDs. If you don't have another ID, make one. If the database has been carefully crafted to have default of no access, create an ID that matches a name or group that is in the ACL.

Alternatively, add the following line to your Notes.INI...
Disable_Local_Access_Control=1

Nathan T. Freeman, 2004-01-05

I thought the INI mod only worked in release 4.x? It's certainly never worked for me in 5, and it definitely doesn't in 6

Ben Poole, 2004-01-05

Recent comments

Johannes Matzke on ANC Headphones :: Beats vs Bose vs Microsoft vs Sony at 18:49
Sven Richert on AutoSleep Tracking mit der Apple Watch at 13:46
Karl Heindel on Empathy and innovation :: this is not your dad's Microsoft anymore at 09:25
Karl Heindel on AutoSleep Tracking mit der Apple Watch at 09:23
Matthias Lorz on Empathy and innovation :: this is not your dad's Microsoft anymore at 07:39
Volker Gronau on ANC Headphones :: Beats vs Bose vs Microsoft vs Sony at 05:13
Ben Langhinrichs on Empathy and innovation :: this is not your dad's Microsoft anymore at 23:50
Bernd Hofmann on Empathy and innovation :: this is not your dad's Microsoft anymore at 21:55
Hubert Stettner on Empathy and innovation :: this is not your dad's Microsoft anymore at 21:54
Daniel Gebauer on AutoSleep Tracking mit der Apple Watch at 21:02
Jens Becker on ANC Headphones :: Beats vs Bose vs Microsoft vs Sony at 14:06
Mark Dörbandt on Jetzt auf meinem Sonos :: Das Radio der von Neil Young Getöteten at 13:38
christoph Graber on Jetzt auf meinem Sonos :: Das Radio der von Neil Young Getöteten at 12:53
Ahmad Masrieh on AutoSleep Tracking mit der Apple Watch at 11:53
Norbert Niemeyer on ANC Headphones :: Beats vs Bose vs Microsoft vs Sony at 11:51
Henning Heinz on Barry Gibb :: The Last Bee Gee at 11:12
Volker Weber on ANC Headphones :: Beats vs Bose vs Microsoft vs Sony at 11:03
Dominique Roller on ANC Headphones :: Beats vs Bose vs Microsoft vs Sony at 10:49
Volker Weber on Barry Gibb :: The Last Bee Gee at 10:26
Henning Heinz on Barry Gibb :: The Last Bee Gee at 10:24
Ragnar Schierholz on AutoSleep Tracking mit der Apple Watch at 09:47
Christian Heindel on AutoSleep Tracking mit der Apple Watch at 09:26
Volker Weber on AutoSleep Tracking mit der Apple Watch at 08:59
Jochen Schug on AutoSleep Tracking mit der Apple Watch at 08:57
Volker Weber on Invoxia Pet Tracker :: Ein kleiner Zwischenstand at 20:37

Ceci n'est pas un blog

I explain difficult concepts in simple ways. For free, and for money. Clue procurement and bullshit detection.

vowe

Contact
Publications
Stuff that works
Amazon Wish List
Frequently Asked Questions

rss feed  twitter  amazon

Local time is 19:09

visitors.gif

buy me coffee

Paypal vowe