S3 Ep105: WONTFIX! The MS Office cryptofail that “isn’t a security flaw” [Audio + Text]
2022-10-20 18:54

DOUG. "Your password has a low security level and maybe at risk. Please change your login password."

DUCK. Yes, "Your password has a low security level".

DOUG. "BECAUSE OF US!".

DUCK. That's not just patronising, is it?

So on my computer, if you echo USER, you get USER, but if you echo $USER, you get the word duck instead. And some of the Java string substitutions go much, much, much further than that, as anyone who suffered the joy of fixing Log4Shell over Christmas 2021 will remember!

Until recently, Java [LAUGHS] the Java Development Kit contained, inside itself, a full, working JavaScript engine, written in Java.

If you go to the Naked Security article, you will see me using a suspect command to pop a calc, Doug!


News URL

https://nakedsecurity.sophos.com/2022/10/20/s3-ep105-wontfix-the-ms-office-cryptofail-that-isnt-a-security-flaw-audio-text/