Security Risk in Word 04

[John Wolf]

I copy and paste from a Resume to a Yahoo Mail message and this happens.

Version:1.0 StartHTML:0000000174 EndHTML:0000004131 StartFragment:0000003356
EndFragment:0000004095
SourceURL:file://localhost/Users/jwolf6589/Desktop/LAM%20RESUME.doc
Deborah Bonner, Greer, SC            1999-2001
Private Tutor
·           Mentored a terminally ill pre-adolescent with ADD

How can this be fixed?


John

 

[John McGhie]

How would that be a security risk in Word 2004?

Were you not aware that if you add a URL to *anything*, the URL contains the
complete path to the location of the target? Well, you know now

Any application that permits URLs will publish a complete path to the
location of the target: it must do, that's how URLs work.

There are two ways to overcome this. You can either create a Word document
that contains only what you want to send, and make sure it does not have any
URLs in it. Then send that as an attachment.

Or you can save the entire file as Plain Text, re-open the plain text
version, and copy from that.

Since I am a person who sometimes hires staff, you might be interested in
the following:

For business purposes (i.e. Resumes) the recipient will expect you to send
your completed resume as an attachment. Anyone applying for a job with me
loses points if they don't know how to attach a file to an email, and more
points if they send anything from a "free" email service.

I expect staff I hire to know how to send a business email as part of the
normal course of their duties: If they don't know how to do this correctly,
I would probably not hire them: my budgets are too tight these days to be
teaching someone the basics

Similarly: If someone sends from a "free" email service, I am immediately
suspicious. Because I do not know who I am talking to, and it would appear
that such people are not well-enough established in life and in business to
afford their own email account. Maybe that's OK for "The first job out of
high school", but after that, I would expect job applicants to send from
their own email account

I am sure that you already know that the job market is very tight currently,
and every little bit helps. As an employer, I am not looking for a "reason
to hire you". I am looking for "99 reasons NOT to hire you". Because as
soon as I advertise any job, I get at least 100 applications from people who
"can do the job". I only want one, so I am immediately looking for 99
reasons to say no to the others. Sorry: it's a hard old world.

Hope this helps

I copy and paste from a Resume to a Yahoo Mail message and this happens.

Version:1.0 StartHTML:0000000174 EndHTML:0000004131 StartFragment:0000003356
EndFragment:0000004095
SourceURL:file://localhost/Users/jwolf6589/Desktop/LAM%20RESUME.doc
Deborah Bonner, Greer, SC            1999-2001
Private Tutor
·           Mentored a terminally ill pre-adolescent with ADD

How can this be fixed?


John

--

This email is my business email -- Please do not email me about forum
matters unless you intend to pay!

John McGhie, Microsoft MVP (Word, Mac Word), Consultant Technical Writer,
McGhie Information Engineering Pty Ltd
Sydney, Australia. | Ph: +61 (0)4 1209 1410
+61 4 1209 1410, mailto:[email protected]

 

[Jeff Chapman]

Hello John,

Similarly: If someone sends from a "free" email service, I am immediately
suspicious. Because I do not know who I am talking to, and it would appear
that such people are not well-enough established in life and in business to
afford their own email account. Maybe that's OK for "The first job out of
high school", but after that, I would expect job applicants to send from
their own email account

I can understand why you would immediately be suspicious
of emails coming from so-called "free" email services.
It's easy enough for anyone to get a free account these days
and pelt an employer with oodles of junk mail.
Also, having a email account with your own identity
establishes that you've taken the time to set up your own
domain name, or at the very least that you are using the email
service provided by your ISP's home domain (which is not
always the most flexible thing in the world).

On the other hand, I have a few comments.

In my previous job, I was responsible for hiring new employees.
Many candidates (quite possibly, MOST candidates) used free mail
services such as Hotmail, Yahoo!, Gmail and so on.
My first argument is that nothing is ever really "free",
in that all of these services contain paid advertisements that
you need to put up with. (Many of these free mail services
in fact offer paid upgrades that are ad-free.)
I would agree that the ads don't usually leave a positive
impression on the employer on the receiving end.
On the other hand, however, they are ubiquitous in Internet
society and culture today, much like a bus advert or a magazine
advert. I never personally felt that just because the job
candidate was using a free mail service, that he/she was
slouching off in his/her duties as a job seeker, or that
he/she needed to go out and pay for a "respectable" email address.
Some free email services (such as Gmail) actually offer email
without inline ads, so it is possibly to still use a free mail
service and be semi-respectable. So I wouldn't write a prospective
employee off based on his/her email address (unless the address
was vulgar, racist or otherwise displayed a blatant lack
of professionalism).

The second issue regarding using free mail services when applying
for a job has to do with privacy. If you happen to own your
own domain, your employer will likely run a search on that domain
to see what it hosts. If you are hosting or if the owner of your
domain name hosts a site that your prospective employer happens not to
like for whatever reason, that is already a strike against the
employee. (For instance, I own a domain on which I host a variety
of content from graphic design samples to music clips to
philosophical treatises.
If I don't feel confident that the person or employer I am contacting
is in approval of the content, I will refrain from using any
email address associated with my domain name.)
Free mail accounts offer a degree of anonymity to avoid
such issues that could stem from differences in personal taste.

Honestly, I don't know of anyone, friends, family or acquaintances
that are actually paying for email these days. They may have an
email account with their ISP, but the chances are greater that they
are using a free mail account to help protect their privacy in
online transactions.

This leads me to the third issue, which is one of privacy of
the job seeker during the job hunting process.
Resumes are typically passed from job seeker to employer,
revealing all kinds of personal information including educational
and professional background, date of birth, hobbies and interests
and so on. I don't argue that it's important for the employer
to know quite a bit about the prospective employee before committing
to hiring them. But on the other hand, I don't believe that resumes
are the most relevant means of learning about your prospective
employees. Neither are email addresses. In an ideal situation,
information from both the employer side and the employee side
should be released gradually and on an as-needed basis.
Questions asked should be answered. Eventually, you need to know,
and they need to know. But I have come to realize that the
prospective employee also deserves a measure of privacy and
an even larger measure of respect. Respect is displayed by
attitude towards others and your professionalism in writing
emails and in presenting the facts about yourself, not by your
email address. At least, that's how it seems to me.

Jeff

 

[John McGhie]

Hi Jeff:

Most recently, I have been hiring for the Banking Industry. As you can
imagine, they have probity requirements that are up there with the Defence
Industry

So of course, I will send my top-three candidate's resumes off to a
Background Checking Service for verification. By the time they've finished,
there won't be much we don't know about them!

The trick is to make it onto that short list

Of course you are quite correct: the use of a Freemail service would not
cause me to reject an application out of hand. As I said, in my method it
"loses points".

So do obfuscated references, lack of a hard-wired phone number, no
residential street address, lack of a driver's licence and blah blah blah...
If it's obvious that they are withholding or concealing information from me,
I will assume they have a reason for that. I don't need to know the reason
‹ I can also safely assume that if it was "good news" they wouldn't be
hiding it.

So I am not going to incur excessive costs asking the background checking
service to hunt them down: I'll just assume that what they would find I
won't like, and save myself some money

In fact the only reason I mentioned it here was to try to do people a
favour. I am constantly surprised that the Twitter/MyFace/iWare generation
has not caught on to the fact that the more they try to adopt "alternative
personas" to hide their activities, the more sophisticated the employer's
research techniques become.

But it's probably worth noting that even today, the single most fatal
problem with a job application is poor spelling or grammar That's an
instant, epic FAIL, no matter how young the HR person doing the assessment
is If they can't get it right in the single most important document
most of us ever create, I certainly don't want to bet any part of my
business on their efforts

Cheers

Hello John,



I can understand why you would immediately be suspicious
of emails coming from so-called "free" email services.
It's easy enough for anyone to get a free account these days
and pelt an employer with oodles of junk mail.
Also, having a email account with your own identity
establishes that you've taken the time to set up your own
domain name, or at the very least that you are using the email
service provided by your ISP's home domain (which is not
always the most flexible thing in the world).

On the other hand, I have a few comments.

In my previous job, I was responsible for hiring new employees.
Many candidates (quite possibly, MOST candidates) used free mail
services such as Hotmail, Yahoo!, Gmail and so on.
My first argument is that nothing is ever really "free",
in that all of these services contain paid advertisements that
you need to put up with. (Many of these free mail services
in fact offer paid upgrades that are ad-free.)
I would agree that the ads don't usually leave a positive
impression on the employer on the receiving end.
On the other hand, however, they are ubiquitous in Internet
society and culture today, much like a bus advert or a magazine
advert. I never personally felt that just because the job
candidate was using a free mail service, that he/she was
slouching off in his/her duties as a job seeker, or that
he/she needed to go out and pay for a "respectable" email address.
Some free email services (such as Gmail) actually offer email
without inline ads, so it is possibly to still use a free mail
service and be semi-respectable. So I wouldn't write a prospective
employee off based on his/her email address (unless the address
was vulgar, racist or otherwise displayed a blatant lack
of professionalism).

The second issue regarding using free mail services when applying
for a job has to do with privacy. If you happen to own your
own domain, your employer will likely run a search on that domain
to see what it hosts. If you are hosting or if the owner of your
domain name hosts a site that your prospective employer happens not to
like for whatever reason, that is already a strike against the
employee. (For instance, I own a domain on which I host a variety
of content from graphic design samples to music clips to
philosophical treatises.
If I don't feel confident that the person or employer I am contacting
is in approval of the content, I will refrain from using any
email address associated with my domain name.)
Free mail accounts offer a degree of anonymity to avoid
such issues that could stem from differences in personal taste.

Honestly, I don't know of anyone, friends, family or acquaintances
that are actually paying for email these days. They may have an
email account with their ISP, but the chances are greater that they
are using a free mail account to help protect their privacy in
online transactions.

This leads me to the third issue, which is one of privacy of
the job seeker during the job hunting process.
Resumes are typically passed from job seeker to employer,
revealing all kinds of personal information including educational
and professional background, date of birth, hobbies and interests
and so on. I don't argue that it's important for the employer
to know quite a bit about the prospective employee before committing
to hiring them. But on the other hand, I don't believe that resumes
are the most relevant means of learning about your prospective
employees. Neither are email addresses. In an ideal situation,
information from both the employer side and the employee side
should be released gradually and on an as-needed basis.
Questions asked should be answered. Eventually, you need to know,
and they need to know. But I have come to realize that the
prospective employee also deserves a measure of privacy and
an even larger measure of respect. Respect is displayed by
attitude towards others and your professionalism in writing
emails and in presenting the facts about yourself, not by your
email address. At least, that's how it seems to me.

Jeff

--

This email is my business email -- Please do not email me about forum
matters unless you intend to pay!

John McGhie, Microsoft MVP (Word, Mac Word), Consultant Technical Writer,
McGhie Information Engineering Pty Ltd
Sydney, Australia. | Ph: +61 (0)4 1209 1410
+61 4 1209 1410, mailto:[email protected]

 

[Phillip Jones, C.E.T.]

I went through 12 years of primary and secondary education and then 2
years Tech school. The best I could do was a c- in English/Grammar and
Composition. No matter how hard I tried.

I was one of these types that couldn't stand poetry, and Fiction. If I
read anything at all it was Biographies, or non-fiction, I was graded
adversely because I wasn't into Fiction, and Poetry. I wasn't into
Shakespeare, or Huckleberry Finn, or Scarlet Letter or such and was into
bio's on Washington Jefferson, Lincoln , Robert E Lee and so on.
Just Like I am not into Classical Music and Opera. Those two types of
music will put me to sleep faster than taking sleeping pills, and two
gasses of warm milk at the same time. 30 seconds after it starts, I am
sound asleep. While other swoon and get chills up there spine, and goose
bumps listing to Beethoven's Fifth. The only classical music that
doesn't is the William Tell overture. and that is because is was the
theme music for a TV Western show in the US in the 50-60's called The
Lone Ranger.

Now algebra and Trig I could get into and often had a+ grades. I guess I
was better a Logic. To me couldn't see the logic in Dangling
participles. Or when to use colons and semi colons.

So I suppose I would be lousy in your Businesses. And why I haven't
gotten anywhere in life than I have.

Of course part of the problem was when I was taught English and such,
everyone that taught it, made it as interesting as watching grass grow
or paint dry. And if you had problem or sticking point they assumed you
were supposed to know it automagically. (yes I know there is no such
word, but the term is commonly used these days and does describe well
the situation).

Of course now that I've gotten old and crotchety. I've lost most of that.

 

[Jeff Chapman]

Hello again, John,

But it's probably worth noting that even today, the single most fatal
problem with a job application is poor spelling or grammar That's an
instant, epic FAIL, no matter how young the HR person doing the assessment
is If they can't get it right in the single most important document
most of us ever create, I certainly don't want to bet any part of my
business on their efforts

Yeah, I would pretty well concur with you on that.
(Although I disagree with your use of the word "fail" in this
context - have you been using Twitter a little too much lately? :-D )
I used to hire writers for a technical publishing and printing company,
and I was downright ruthless with their grammatical and spelling
errors, to say the least. One glaring mistake was generally all that
it took for their resumes to get filed in That Special Circular File
Cabinet That Gets Cleaned Out Daily.
But not all businesses need to be as strict with prospective
employees who are less proficient with the written word,
as Phillip wrote in his post.

Jeff

 

[John McGhie]

Hi Jeff:

(Although I disagree with your use of the word "fail" in this
context - have you been using Twitter a little too much lately? :-D )

Not GUILTY Those with the misfortune to know me, know that my verbosity
is such that I couldn't even tell you the time in 147 characters

But not all businesses need to be as strict with prospective
employees who are less proficient with the written word,
as Phillip wrote in his post.

Had I been hiring Television Service Technicians, I would probably have
hired Phillip I don't expect TV Technicians to spend much of their
business day writing management reports

Then again, both Phillips' career and mine have been negatively impacted by
our inabilities with management reports. While Phillip may have upset the
grammar police, I have a bad habit of saying what I really think, which is
career-terminal these days!

Cheers

--

This email is my business email -- Please do not email me about forum
matters unless you intend to pay!

John McGhie, Microsoft MVP (Word, Mac Word), Consultant Technical Writer,
McGhie Information Engineering Pty Ltd
Sydney, Australia. | Ph: +61 (0)4 1209 1410
+61 4 1209 1410, mailto:[email protected]