"Harlan Grove" wrote in:

Password cracking isn't necessarily illegal. Why assume OPs have illegal
intent?

Why assume they don't have illegal intent? It seems to me you'd have to at
least consider the possibility of illegal intent and there's no way to tell
on Usenet if you're being told the truth or a story, is there?


--
David R. Norton MVP

David R. Norton MVP wrote...
"Harlan Grove" wrote in:
Password cracking isn't necessarily illegal. Why assume OPs have illegal
intent?

Why assume they don't have illegal intent? It seems to me you'd have to at
least consider the possibility of illegal intent and there's no way to tell
on Usenet if you're being told the truth or a story, is there?

No, there's no way to prove anyone else's intentions, on Usenet or in
the real world. So does one walk around assuming everyone else is a
criminal?

so, for those whose first impression is that everyone else is a
criminal, how should one deal with the OP's request? Certainly not
provide the requested advice. That won't do! Remain silent (i.e., just
don't reply)? For the busy-body sorts, that won't do either! The
obvious answer is to become a net-nanny! How silly of me not to have
realized that.

"Harlan Grove" wrote in:

David R. Norton MVP wrote...
"Harlan Grove" wrote in:
Password cracking isn't necessarily illegal. Why assume OPs have illegal
intent?

Why assume they don't have illegal intent? It seems to me you'd have to at
least consider the possibility of illegal intent and there's no way to tell
on Usenet if you're being told the truth or a story, is there?

No, there's no way to prove anyone else's intentions, on Usenet or in
the real world. So does one walk around assuming everyone else is a
criminal?

No, but one should consider the possibility.

so, for those whose first impression is that everyone else is a
criminal, how should one deal with the OP's request? Certainly not
provide the requested advice. That won't do! Remain silent (i.e., just
don't reply)? For the busy-body sorts, that won't do either! The
obvious answer is to become a net-nanny! How silly of me not to have
realized that.

How silly of you to have posted the above idiocy. The sensible response
would be to tell the OP to contact a local computer shop who can send someone
on site, verify the legitimacy of the request and act accordingly.


--
David R. Norton MVP

David R. Norton MVP wrote...
....
How silly of you to have posted the above idiocy. The sensible response
would be to tell the OP to contact a local computer shop who can send someone
on site, verify the legitimacy of the request and act accordingly.
....

MVP stading for most vacuous posting?

The OP wanted to save money. A housecall from a local computer shop
would save the OP money?

Who's posting idiocy?!

"Harlan Grove" wrote in:

David R. Norton MVP wrote...
...
How silly of you to have posted the above idiocy. The sensible response
would be to tell the OP to contact a local computer shop who can send
someone on site, verify the legitimacy of the request and act
accordingly.
...

MVP stading for most vacuous posting?

The OP wanted to save money. A housecall from a local computer shop
would save the OP money?

Who's posting idiocy?!

You are. Again...

--
David R. Norton MVP

David R. Norton MVP wrote...
"Harlan Grove" wrote in:
David R. Norton MVP wrote...
...
How silly of you to have posted the above idiocy. The sensible response
would be to tell the OP to contact a local computer shop who can send
someone on site, verify the legitimacy of the request and act
accordingly.
...

MVP stading for most vacuous posting?

The OP wanted to save money. A housecall from a local computer shop
would save the OP money?

Who's posting idiocy?!

You are. Again...

Fine. I'm the idiot who realizes that honest people seeking to save
money wouldn't bother to follow your oh so sensible advice, and
criminals with half a brain more than you wouldn't bother for different
reasons.

You're the genius who believes money is no object after the OP has
indicated that it is. Apparently you know what the OP wants/needs
better than the OP himself. You must be able to provide detailed
responses to posting with just the word Help in the subject line and no
body, too.

If you want to call what I'm writing idiocy, go ahead. Definitions in
Usenet is maleable. Myself, I'd call it scorn.

Excellent advice, David! But of course, no one ever wants to actually pay
for such services.

--

JoAnn Paules
MVP Microsoft [Publisher]



"David R. Norton MVP" wrote in message
...
(snip)


How silly of you to have posted the above idiocy. The sensible response
would be to tell the OP to contact a local computer shop who can send
someone
on site, verify the legitimacy of the request and act accordingly.


--
David R. Norton MVP

JoAnn Paules [MSFT MVP] wrote...
Excellent advice, David! But of course, no one ever wants to actually pay
for such services.
....

And how many computer shop employees know how to remove passwords from
Office documents?

How many computer shop employees know how to tell whether person A has
legal standing to open any particular file? Now specialists in the
field would because they'd know their livelihoods depended on it, but
the average 24-year-old selling iPods and blank CD-Rs?

Are either you or David familiar with how easy it is to make any file
appear to below to any person? A could open a password-protected
computer file in a hex editor then save it to a harddrive or network
drive, thus changing the file ownership information. For files under
64KB, Windows still provides DEBUG.COM which can be used to do this.
Nuts, A could simply e-mail the file to himself from a web mail account
(which won't provide any ownership tags Outlook/Exchange might) and
detach the received copy. Granted the creation and modification dates
would be the same (a dead give-away), so use a touch utility a day or
so afterwards to change the access and modification times. How would
the proverbial computer shop employee be able to tell anything?

But at least you recognized the issue of cost, which was the OP's
original concern.

"Harlan Grove" wrote in:

JoAnn Paules [MSFT MVP] wrote...
Excellent advice, David! But of course, no one ever wants to actually pay
for such services.
...

And how many computer shop employees know how to remove passwords from
Office documents?

Every one I've ever encountered.

How many computer shop employees know how to tell whether person A has
legal standing to open any particular file?

It's not difficult, going into a company site and having a person in
authority is reasonable indication, going into a private home and seeing a PC
simply requires asking.

But at least you recognized the issue of cost, which was the OP's
original concern.

And you fail to realize the major point that cost is completely immaterial.
The OP will have to pay whatever the going rate may be.



--
David R. Norton MVP

David R. Norton MVP wrote...
"Harlan Grove" wrote in:
....
And how many computer shop employees know how to remove passwords from
Office documents?

Every one I've ever encountered.

Then your experience is either severely outdated or unrepresentative.

How many computer shop employees know how to tell whether person A has
legal standing to open any particular file?

It's not difficult, going into a company site and having a person in
authority is reasonable indication, going into a private home and seeing a PC
simply requires asking.

So all an IP thief would need to do is make a copy of a file, take it
home, copy it onto his own PC, call the shop and tell them his impish
nephew Bobby was playoing around on his PC and password protected his
customer list? And that proves legal access how?

But at least you recognized the issue of cost, which was the OP's
original concern.

And you fail to realize the major point that cost is completely immaterial.
The OP will have to pay whatever the going rate may be.

Perhaps cost is immaterial to you.

Did you read the OP? Cost seems to have been the OP's primary reason
for posting. *IF* there were free document password crackers, then the
OP wouldn't have to pay anything, would he? Well, perhaps online
connect time if he isn't on a fixed rate plan, and if you want to be
extremely exacting, there would be some opportunity cost to the OP's
time spent downloading and using up disk storage for such software. But
the cost would be a pittance if there were free software to do this.

Beyond that, the cost of on-site service would likely exceed the cost
of the on-line service the OP thought too expensive.

Other than displaying your self-conceived sense of moral superiority,
why did you bother participating in this thread? Clearly not to help
the OP.

In article ,
"David R. Norton MVP" wrote:

And how many computer shop employees know how to remove passwords from
Office documents?

Every one I've ever encountered.

You've asked at every computer shop? Or have you just not encountered
many? That differs significantly from my experience. The shops I work
with have nobody who's trained to do so. None of them knew that removing
a VBA password takes about 30 seconds with a hex editor (1 second if you
script it).

How many are willing to make house calls? How many are willing to take
on the liability for damages, including bonding? How many do more than
cursory background checks on their employees? How many even have an
interest in providing that service?

How many computer shop employees know how to tell whether person A has
legal standing to open any particular file?

It's not difficult, going into a company site and having a person in
authority is reasonable indication

Hmmm...what authority is necessary? How do I know someone is "in
authority"? If you're talking liability to the computer shop for an
improperly unprotected file, a prudent computer shop owner would need a
heck of a lot of assurance, at a similarly inflated price.

going into a private home and seeing a PC
simply requires asking.

Now that's just laughable. So the person (not in authority) at the
company site takes the file home, and can have it unprotected just for
the asking?

You're trying to portray Office protection schemes as somehow more than
they are - more than Microsoft claims them to be. Protection is not
absolute - XL's worksheet and workbook protection are useful to keep
honest users from accidently overwriting formulas, that's *it*!!!! File
protection can keep casual snoopers out of the file, but even that
doesn't encrypt it - with a hex editor and a reasonable guess as to the
data layout and tokenization, you can reconstruct a workbook without
unprotecting it. It's a lot more work, of course...

In article ,
"David R. Norton MVP" wrote:

The sensible response would be to tell the OP to contact a local
computer shop who can send someone on site, verify the legitimacy of
the request and act accordingly.

"Sensible"? Who would you suggest is regulating the local computer
shops? What makes *them* trustworthy? What criteria would they use? What
if, as in many parts of my state, the "local" computer shop is 50+ miles
away?

I just called two local computer shops, and asked them how to bypass my
Word and Excel protection. None of them knew, nor were they interested
in making a house call. Nor could they tell me how they would determine
that someone's request was legitimate.

Sensible? Lunacy!

All you've done is attached an intermediary with a price tag to the
same solution that was posted here.

What benefit to anyone is there in presuming illegal intent, given that
the cracks are commonly available and cheap? Especially since the OP, in
this case, presumably used his real name and address, despite MS's
warnings not to?

If one presumes illegal intent, what should be done about such posts -
does one have a duty to report solicitation to commit a crime? To what
jurisdiction? Does one also have to report anyone who answers as a
co-conspirator?

IMO, it's better to freely admit that Office document protection schemes
are not secure, and direct people to the available information. At the
very least, being honest about the "security" of Office documents may
educate the OP and lurkers that they shouldn't rely on Office protection
for documents in which confidentiality is important.

The presumption of illegal intent simply slows, or prevents, the ability
of legitimate users to recover documents.



In article ,
"David R. Norton MVP" wrote:

Why assume they don't have illegal intent? It seems to me you'd have to at
least consider the possibility of illegal intent and there's no way to tell
on Usenet if you're being told the truth or a story, is there?

JE McGimpsey wrote in:

What benefit to anyone is there in presuming illegal intent, given that
the cracks are commonly available and cheap?

OK, so the availability of Office 2003 in Warez groups means that robbing
the legitimate publisher of the software is all right?

I can't see the ready availability of cracks is justification for using
them.

Especially since the OP, in this case, presumably used his real name and
address, despite MS's warnings not to?

And how do you know he used his real name? I notice while you're defending
him you use the word "presumably" so is it possible you also have some
doubts?

IMO, it's better to freely admit that Office document protection schemes
are not secure, and direct people to the available information.

MHO differs from yours. Next next time I see some disreputable person trying
to open a new luxury car with a coat hanger should I just assume it's his car
and he has a right to it? Isn't that pretty similar to what you're saying?


--
David R. Norton MVP

MHO differs from yours.

IMO, we should call a halt to this thread. It isn't helping the original
poster at all.

--
Echo [MS PPT MVP]
http://www.echosvoice.com

Echo S wrote...
IMO, we should call a halt to this thread. It isn't helping the original
poster at all.

So? Where is it written that all responses in every thread must benefit
the OP? For that matter threads such as these show which respondents
know what they're talking about only in their narrow fields of
expertise and are otherwise clueless.

In article ,
"David R. Norton MVP" wrote:

OK, so the availability of Office 2003 in Warez groups means that robbing
the legitimate publisher of the software is all right?

Please. The situation is not even remotely the same. The availability of
a commercial package that is never distributed via warez sites means
that downloading Office 2003 from those sites is presumably always
illegal.

There are, however, many legitimate uses for removing passwords. There
is nothing in any license agreement, much less law (at least in the US),
that restricts someone's ability to access files that they own or are
legally entitled to, by removing the password protection. There are
companies that have provided these legitimate services for decades, and
there have been free methods for many protections for nearly as long.

Given that even a moderately close reading of the Office license
agreement makes it clear that Microsoft doesn't represent that any
Office application is fit for any particular purpose, it's clear that MS
is not claiming that removing the protection violates its license, or
even that it's wrong.

The only other reason it would be illegal is if the person removing the
protection doesn't have the legal right to the information. That is not
a technical issue, and given that there are legitimate reasons for
removing the protection, I see absolutely no reason for people not to
avail themselves of legal services.

The fact that some misguided people rely on Office protection schemes to
keep their information secure, despite Microsoft's own explicit claim to
the contrary, and despite the plainly available free and commercial
methods of removing them, shouldn't limit the legal users from
recovering their information.

David R. Norton MVP wrote...
JE McGimpsey wrote in:
What benefit to anyone is there in presuming illegal intent, given that
the cracks are commonly available and cheap?

OK, so the availability of Office 2003 in Warez groups means that robbing
the legitimate publisher of the software is all right?

I can't see the ready availability of cracks is justification for using
them.
....

As even you have pointed out by your ridiculous suggestion for an
on-site support call, there are occasions on which it's legitimate to
remove passwords. When are there legitimate occasions to download
commercial software?

Your argument is similar to saying that because handguns are often used
to commit violent crimes, one should never tell anyone where the
nearest gun shop is located, and besides it's illegal to buy .50
machine guns!

Especially since the OP, in this case, presumably used his real name and
address, despite MS's warnings not to?

And how do you know he used his real name? I notice while you're defending
him you use the word "presumably" so is it possible you also have some
doubts?

Did you miss the word 'presumably' or do you not understand its
meaning?

The point is that you can either assume posters have legitimate or
illegitimate intent. If you believe they have illegitimate intent, you
won't prevent those of us who assume legitimate intent from replying.
So what is the point of your participation in these cases? Parading
your own self-impotant sense of moral rectitude would seem to be the
only purpose served.

MHO differs from yours. Next next time I see some disreputable person trying
to open a new luxury car with a coat hanger should I just assume it's his car
and he has a right to it? Isn't that pretty similar to what you're saying?

Not quite accurate in this case.

The analogy would be closer to Eric can't get into a particular car, he
hasn't stated explicitly that it's his car, and it's pretty clear he
can't open it on his own. He doesn't like the price quoted by Moe's
Garage to open the lock and has asked for cheaper alternatives. Some
other posters have directed him to AAA. Presumably AAA would want to
remain in business so would check that Eric had legal standing to open
the file in order to avoid being criminal accessories.

Despite this obvious chain of reasoning, in gallop the net-nannies to
claim that this COULD be illegal, so no one should offer to help Eric.

In .com, Harlan
Grove told us an interesting story. My reply to this story is at the
bottom of this message.

Your argument is similar to saying that because handguns are often
used to commit violent crimes, one should never tell anyone where the
nearest gun shop is located, and besides it's illegal to buy .50
machine guns!

About morality: (and off-topic)
Terminating life is moral (or at least amoral) because some weird
constitution allows the posession of deadly weapons. It's even shown on
tv as entertainment. Weapons, brought to you by the guy who played the
guy with the stone tablets that said Killing Isn't A Good Thing, Really.
Creating life (sex) otoh is considered immoral.

I'm confused, and I'm glad I'm a rightponder.

--
Amedee Van Gasse