I have noticed a lot of tools on the web that claim to be able to "crack"
passwords to excel and other office tools. Parts of the system that I help to
develop depends on excel file passwords to protect sensitive information and
code. What's the nature of the vulnerability? Has anyone found a work around
yet?
- Rm
Highly vulnerable.
Sensitive information should be placed in perhaps a compiled dll.
--
Regards,
Tom Ogilvy
"Robert Mulroney" <''''[email protected]''''> wrote in message
news:[email protected]...
> I have noticed a lot of tools on the web that claim to be able to "crack"
> passwords to excel and other office tools. Parts of the system that I help
to
> develop depends on excel file passwords to protect sensitive information
and
> code. What's the nature of the vulnerability? Has anyone found a work
around
> yet?
>
> - Rm
What's the nature of the problem? Is it just that there is no limit to the
number of attempts that you can have at the password? ie. break the password
with brute force?
Is there some Microsoft explaination of how this happend, I need to know so
that I can put a proposal together.
thanks for you help,
- Rm
"Tom Ogilvy" wrote:
> Highly vulnerable.
>
> Sensitive information should be placed in perhaps a compiled dll.
>
> --
> Regards,
> Tom Ogilvy
>
> "Robert Mulroney" <''''[email protected]''''> wrote in message
> news:[email protected]...
> > I have noticed a lot of tools on the web that claim to be able to "crack"
> > passwords to excel and other office tools. Parts of the system that I help
> to
> > develop depends on excel file passwords to protect sensitive information
> and
> > code. What's the nature of the vulnerability? Has anyone found a work
> around
> > yet?
> >
> > - Rm
>
>
>
The problem is that password protection is to provide assistance in keeping
a worksheet from getting messed up or to prevent the user from adding,
deleting or unhiding sheets - but more as a convenience than to offer any
real protection. You can get code here for free that will quickly defeat
both of these levels of protection.
See a description of this protection at
http://www.mcgimpsey.com/excel/removepwords.html
File protection can be hacked with a commercial product such as that at
http://www.lostpassword.com. Same for VBA. Of course file level protection
is useless in your case because you have to let the user have access to the
workbook. then you are back to sheet and book level protection.
If you look at the lostpassword site, you will see they have products for
almost all office applications.
--
Regards,
Tom Ogilvy
"Robert Mulroney" <''''[email protected]''''> wrote in message
news:[email protected]...
> What's the nature of the problem? Is it just that there is no limit to the
> number of attempts that you can have at the password? ie. break the
password
> with brute force?
>
> Is there some Microsoft explaination of how this happend, I need to know
so
> that I can put a proposal together.
>
> thanks for you help,
>
> - Rm
>
> "Tom Ogilvy" wrote:
>
> > Highly vulnerable.
> >
> > Sensitive information should be placed in perhaps a compiled dll.
> >
> > --
> > Regards,
> > Tom Ogilvy
> >
> > "Robert Mulroney" <''''[email protected]''''> wrote in message
> > news:[email protected]...
> > > I have noticed a lot of tools on the web that claim to be able to
"crack"
> > > passwords to excel and other office tools. Parts of the system that I
help
> > to
> > > develop depends on excel file passwords to protect sensitive
information
> > and
> > > code. What's the nature of the vulnerability? Has anyone found a work
> > around
> > > yet?
> > >
> > > - Rm
> >
> >
> >
Wow! Okay, um, don't tell my users. It looks like I've got some work to do.
thanks again,
- Rm
"Tom Ogilvy" wrote:
> The problem is that password protection is to provide assistance in keeping
> a worksheet from getting messed up or to prevent the user from adding,
> deleting or unhiding sheets - but more as a convenience than to offer any
> real protection. You can get code here for free that will quickly defeat
> both of these levels of protection.
>
> See a description of this protection at
> http://www.mcgimpsey.com/excel/removepwords.html
>
> File protection can be hacked with a commercial product such as that at
> http://www.lostpassword.com. Same for VBA. Of course file level protection
> is useless in your case because you have to let the user have access to the
> workbook. then you are back to sheet and book level protection.
>
> If you look at the lostpassword site, you will see they have products for
> almost all office applications.
>
> --
> Regards,
> Tom Ogilvy
>
>
> "Robert Mulroney" <''''[email protected]''''> wrote in message
> news:[email protected]...
> > What's the nature of the problem? Is it just that there is no limit to the
> > number of attempts that you can have at the password? ie. break the
> password
> > with brute force?
> >
> > Is there some Microsoft explaination of how this happend, I need to know
> so
> > that I can put a proposal together.
> >
> > thanks for you help,
> >
> > - Rm
> >
> > "Tom Ogilvy" wrote:
> >
> > > Highly vulnerable.
> > >
> > > Sensitive information should be placed in perhaps a compiled dll.
> > >
> > > --
> > > Regards,
> > > Tom Ogilvy
> > >
> > > "Robert Mulroney" <''''[email protected]''''> wrote in message
> > > news:[email protected]...
> > > > I have noticed a lot of tools on the web that claim to be able to
> "crack"
> > > > passwords to excel and other office tools. Parts of the system that I
> help
> > > to
> > > > develop depends on excel file passwords to protect sensitive
> information
> > > and
> > > > code. What's the nature of the vulnerability? Has anyone found a work
> > > around
> > > > yet?
> > > >
> > > > - Rm
> > >
> > >
> > >
>
>
>
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks
Register To Reply
Bookmarks