Weird® Paranoia Dept.
Secret Leading-Edge Insecurity Section.
Weird® Development Committee Meetings
Mega$loth® Internal Document dated 12/17/97
(Accidentally Leaked by: Mega$loth® BugZ®
'98 Beta SN3.0071afu)
Weird® Business Intelligence
Minutes of Meeting held on 12/17/97 at 10:30am
- In attendance:
- Phedron C. Balderdash IX (Chair)
- James 'Red Barrel' Grotney (UK)
- William Sounding-Orff (UK)
- Frederick Faustian (Technical Adviser)
- Ivan Cheromorokowski (Secretary)
This meeting was convened to discuss some of the concerns surrounding the
'hacking' of Mega$loth® Weird® document files, and how
to retain the advantages that the special Weird® hidden features give
Mega$loth® Corporation, without prejudicing Weird®'s
position as the standard leading-edge large wordprocessor application used
by all world goverments and major corporations.
These concerns were brought to light by Mega$loth®
Corporation's 'World Wide Web' and 'Usenet' monitoring teams, who carefully
check the contents of all Internet documents containing references to
Mega$loth® or any of its products.
The committee welcomed its two new recruits from the UK Intelligence
Community, and hoped that their expertise in dealing with matters of secrecy
in the world's most secretive state would prove to be of great benefit to
the Mega$loth® Corporation.
Subject #20074/97: The 'UNDO BUFFER'
Decision: No further action meantime.
1. A number of concerns have emerged recently concerning the security of
Weird® documents. These concerns pointed to the fact that
whenever a portion of a Weird® document is deleted, the deleted
material is placed in the document's 'undo buffer' so that it can be
retrieved at a later time if the deletion was found to be in error. This
'undo buffer' - a portion of the computer's memory allocated to the document
- is saved as part of the document file.
2. The problem is particularly manifest when a new Weird®
document is derived from an older version. When letters are prepared for
multiple addressees in turn, even though it is not the originator's
intention that the recipient knows who the other recipients are, this
information, and perhaps other material such as personalized salutations can
be readily hacked from the document. The position of the recipient of the
last variation is that he or she can have access to all that knowledge, if
they are competent to extract it.
3. Every new generation of Weird® documents derived from the
original will contain material from all previous documents. In the case of
commercial material, this has grave security implications for businesses who
send or exchange documents in Weird® files rather than as
- Mr. Faustian opened the discussion by outlining the technical background
of the features under discussion, and pointed out that these had been
deliberately designed into the Weird® application. Initially it
had been thought that the stored undo buffer would only be of help to the
end users, but latterly it was being realised that this was also of great
benefit to Mega$loth® itself, and would assist the Corporation in
its aims of global domination, as a great number of problem documents
containing useful intelligence were being sent to the Corporation's User
Support teams. It was also beneficial that users unwittingly increased the
size of their document, thereby reinforcing their impression that
Weird®'s power is directly proportionate to the size of its
- Mr. Faustian then recommended that the common aspects of both items be
dealt with together, and this was agreed unanimously.
The meeting then adjourned for an hour while the Mega$loth®
Meeting Minute Number Allocation software was instructed to provide a new
minute number for the combined item.
- Factors Specific to the 'Undo Buffer':
- Encoding the contents of the 'Undo Buffer' in hexadecimal or some other
internal format might make the information less readily accessible. This
might also have the advantage of making the Weird® document even
- It was decided that in the interim, no action was to be taken to change
the way the 'Undo Buffer' is stored, as not one single government or major
corporation using Weird® had spotted the problem. The concerns
were being voiced by private users, who are really not our concern, but the
foregoing paragraph would be kept in mind if it was necessary to further
increase the size of Weird® documents at a later date.
Subject: #20085/97: The 'DOCUMENT STORAGE RECORD'
1. The second major concern was the fact that Weird® documents
also contain details of the file storage paths, of both the document itself
and its embedded (OLE) files, of the machine on which the documents were
2. A determined hacker with access to a number of Weird®
documents originated on one machine would have a fair chance of recreating a
significant part of the directory structure of that machine, or the computer
network to which it is connected.
3. Armed with such knowledge, it might be then possible for determined
hackers to gain access to Weird® documents on remote machines -
via the Internet for example - and use this knowledge to 'spy' on
competitors, or to gain commercial or other intelligence without the
rightful users being aware of it.
4. The implications of this situation in relation to Data Protection or
Computer Misuse legislation in many countries is also of great concern.
- Factors in common with the previous item are dealt with in Subject
- Factors Specific to the 'Document Storage Record':
- Mr. Faustian pointed out that once a document comes into
Mega$loth®'s hands, the information in the 'Document Storage
Record' allows Mega$loth® to keep track of future changes to the
contents of individual hard disks and networks. This is achieved by the
integration of the 'cookie' feature in the Mega$loth® Internet
Exploder application with the latest versions of Weird®. When
users whose documents are in our possession log on to the World Wide Web, an
automatic call is made to the Mega$loth® Megaserver at HQ
Action Central, and a copy of their complete directory structure is
transmitted to us, without the individual user being aware of it.
- As with the 'Undo Buffer' item, encoding the contents of the 'Document
Storage Record' in hexadecimal or some other internal format might make the
information less readily accessible. However there seems to be no commercial
gain to be had by such encoding, so it is not recommended.
- It was therefore decided that in the interim, no action was to be taken
to change the way the 'Document Storage Record' is stored.
Decision: No further action required.
Subject: #20074.85/97: Weird® FEATURES: COMMON
- Mr. Faustian pointed out the following achievements, which put the
foregoing comments into focus, which should ensure the continuing expansion
of the Mega$loth® Corporation:
- All the risk associated with these concerns is borne by the end users of
Weird®, and not by Mega$loth® itself.
- Careful indoctrination of IT support teams in business and governments
through our 'Train them, don't educate them!' policy is ensuring that they
remain unaware of these security implications. A side benefit of this
approach is that competing products and operating systems are marginalised
in their eyes as being non-professional and thus inconsequential. This
strategy will ultimately ensure the demise of all viable competition.
- With the almost complete penetration of Mega$loth® products
into central and local governments worldwide having now been achieved, and
the takeover of the Internet being well under way, the opportunity for
Mega$loth® to achieve the de-facto status of 'real-world'
government is now close to being realised. Nothing should be allowed to
stand in the way of this. Weird® is a major tool in our armory.
Admission or rectification of these faults can only bring disbenefits to
- The committee recognises that it requires a great deal of nerve on the
part of Mega$loth® and its employees and supporters to proceed in
the face of these and other concerns, but if we do we shall ultimately
prevail, and Bill Grates will be able to take up his rightful position as
'Lord of This World'.
Decision: No further action meantime.
The meeting adjourned at 7:30pm.
BugZ® '98 Leak Ends