pacsec

OpenOffice / OpenDocument and MS Office 2007 / Open XML security

Interesting paper from the PacSec 2006 security conference: OpenOffice / OpenDocument and MS Office 2007 / Open XML security (PDF)

Not too surprising when you come to think of it, there are tons of possibilities to embed various kinds of malware in the new office document formats. Also, you always have the risk of leaving sensitive metadata in there... If you publish stuff, you better convert to PDF before. But even that might leave sensitive data in the PDF, mind you!

Oh, and one nice detail you might enjoy:

  • OpenDocument specification: 700 pages
  • Microsoft's Open XML specification (final draft): 6036 pages!

And that doesn't even describe all of the format (e.g. VBA macros are missing)! No further comment required...

Syndicate content