Weird® Paranoia Dept.
Secret Leading-Edge Insecurity Section.
Mega$loth® Corporation
Weird® Development Committee Meetings
Mega$loth® Internal Document dated 12/17/97
9:30pm
(Accidentally Leaked by: Mega$loth® BugZ®
'98 Beta SN3.0071afu)
Weird® Business Intelligence
Sub-Committee
Minutes of Meeting held on 12/17/97 at 10:30am
- In attendance:
- Phedron C. Balderdash IX (Chair)
- James 'Red Barrel' Grotney (UK)
- William Sounding-Orff (UK)
- Frederick Faustian (Technical Adviser)
- Ivan Cheromorokowski (Secretary)
This meeting was convened to discuss some of the concerns surrounding the
'hacking' of Mega$loth® Weird® document files, and how
to retain the advantages that the special Weird® hidden features give
Mega$loth® Corporation, without prejudicing Weird®'s
position as the standard leading-edge large wordprocessor application used
by all world governments and major corporations.
These concerns were brought to light by Mega$loth®
Corporation's 'World Wide Web' and 'Usenet' monitoring teams, who carefully
check the contents of all Internet documents containing references to
Mega$loth® or any of its products.
The committee welcomed its two new recruits from the UK Intelligence
Community, and hoped that their expertise in dealing with matters of secrecy
in the world's most secretive state would prove to be of great benefit to
the Mega$loth® Corporation.
Subject: #20074/97: The 'UNDO BUFFER'
Situational Resumé
1. A number of concerns have emerged recently concerning the security of
Weird® documents. These concerns pointed to the fact that
whenever a portion of a Weird® document is deleted, the deleted
material is placed in the document's 'undo buffer' so that it can be
retrieved at a later time if the deletion was found to be in error. This
'undo buffer' - a portion of the computer's memory allocated to the document
- is saved as part of the document file.
2. The problem is particularly manifest when a new Weird®
document is derived from an older version. When letters are prepared for
multiple addressees in turn, even though it is not the originator's
intention that the recipient knows who the other recipients are, this
information, and perhaps other material such as personalized salutations can
be readily hacked from the document. The position of the recipient of the
last variation is that he or she can have access to all that knowledge, if
they are competent to extract it.
3. Every new generation of Weird® documents derived from the
original will contain material from all previous documents. In the case of
commercial material, this has grave security implications for businesses who
send or exchange documents in Weird® files rather than as
printouts.
- Mr. Faustian opened the discussion by outlining the technical background
of the features under discussion, and pointed out that these had been
deliberately designed into the Weird® application. Initially it
had been thought that the stored undo buffer would only be of help to the
end users, but latterly it was being realised that this was also of great
benefit to Mega$loth® itself, and would assist the Corporation in
its aims of global domination, as a great number of problem documents
containing useful intelligence were being sent to the Corporation's User
Support teams. It was also beneficial that users unwittingly increased the
size of their document, thereby reinforcing their impression that
Weird®'s power is directly proportionate to the size of its
documents.
- Mr. Faustian then recommended that the common aspects of both items be
dealt with together, and this was agreed unanimously.
The meeting then adjourned for an hour while the Mega$loth®
Meeting Minute Number Allocation software was instructed to provide a new
minute number for the combined item.
- Factors Specific to the 'Undo Buffer':
- Encoding the contents of the 'Undo Buffer' in hexadecimal or some other
internal format might make the information less readily accessible. This
might also have the advantage of making the Weird® document even
bigger!
- It was decided that in the interim, no action was to be taken to change
the way the 'Undo Buffer' is stored, as not one single government or major
corporation using Weird® had spotted the problem. The concerns
were being voiced by private users, who are really not our concern, but the
foregoing paragraph would be kept in mind if it was necessary to further
increase the size of Weird® documents at a later date.
Decision: No further action meantime.
Subject: #20085/97: The 'DOCUMENT STORAGE RECORD'
Situational Resumé
1. The second major concern was the fact that Weird® documents
also contain details of the file storage paths, of both the document itself
and its embedded (OLE) files, of the machine on which the documents were
created.
2. A determined hacker with access to a number of Weird®
documents originated on one machine would have a fair chance of recreating a
significant part of the directory structure of that machine, or the computer
network to which it is connected.
3. Armed with such knowledge, it might then be possible for determined
hackers to gain access to Weird® documents on remote machines -
via the Internet for example - and use this knowledge to 'spy' on
competitors, or to gain commercial or other intelligence without the
rightful users being aware of it.
4. The implications of this situation in relation to Data Protection or
Computer Misuse legislation in many countries are also of great concern.
- Factors in common with the previous item are dealt with in Subject
#20074.85/97.
- Factors Specific to the 'Document Storage Record':
- Mr. Faustian pointed out that once a document comes into
Mega$loth®'s hands, the information in the 'Document Storage
Record' allows Mega$loth® to keep track of future changes to the
contents of individual hard disks and networks. This is achieved by the
integration of the 'cookie' feature in the Mega$loth® Internet
Exploder application with the latest versions of Weird®. When
users whose documents are in our possession log on to the World Wide Web, an
automatic call is made to the Mega$loth® Megaserver at HQ
Action Central, and a copy of their complete directory structure is
transmitted to us, without the individual user being aware of it.
- As with the 'Undo Buffer' item, encoding the contents of the 'Document
Storage Record' in hexadecimal or some other internal format might make the
information less readily accessible. However, there seems to be no commercial
gain to be had by such encoding, so it is not recommended.
- It was therefore decided that in the interim, no action was to be taken
to change the way the 'Document Storage Record' is stored.
Decision: No further action required.
Subject: #20074.85/97: Weird® FEATURES: COMMON FACTORS
- Mr. Faustian pointed out the following achievements, which put the
foregoing comments into focus, which should ensure the continuing expansion
of the Mega$loth® Corporation:
- All the risk associated with these concerns is borne by the end users of
Weird®, and not by Mega$loth® itself.
- Careful indoctrination of IT support teams in business and governments
through our 'Train them, don't educate them!' policy is ensuring that they
remain unaware of these security implications. A side benefit of this
approach is that competing products and operating systems are marginalised
in their eyes as being non-professional and thus inconsequential. This
strategy will ultimately ensure the demise of all viable competition.
- With the almost complete penetration of Mega$loth® products
into central and local governments worldwide having now been achieved, and
the takeover of the Internet being well under way, the opportunity for
Mega$loth® to achieve the de-facto status of 'real-world'
government is now close to being realised. Nothing should be allowed to
stand in the way of this. Weird® is a major tool in our armory.
Admission or rectification of these faults can only bring disbenefits to
Mega$loth®.
- The committee recognises that it requires a great deal of nerve on the
part of Mega$loth® and its employees and supporters to proceed in
the face of these and other concerns, but if we do we shall ultimately
prevail, and Bill Grates will be able to take up his rightful position as
'Lord of This World'.
Decision: No further action meantime.
The meeting adjourned at 7:30pm.
BugZ® '98 Leak Ends