Once upon a midnight dreary, while Rex Ballard pondered weak and weary over
many a quaint and curious volume of forgotten lore...:
>
> Roy Schestowitz wrote:
>> OpenOffice hits back at viral risk claims
>>
>> ,----[ Quote ]
>> | "The one real flaw in the programming logic has been fixed," Louis
>> | Suarez-Potts, an OpenOffice.org community manager, told IDG. "The
>> | others are theoretical."
>> `----
>
> It really is amusing. This French company, which has the source code
> to OpenOffice found only 4 security holes, and only 1 of them
> constitutes even the possibility of a real threat.
>
> The irony of course, is that these flaws were found BEFORE they could
> be exploited, FIXED before they could be exploited, and PUBLISHED
> before they could be exploited, because the OpenOffice organization was
> willing to admit that "there might be a problem here".
>
> Contrast that to Microsoft who still allows macroviruses and embedded
> OLE objects to be sent via e-mail, web viewer, and of course, editors.
> The end user can THINK he's getting a good document from a trusted
> source, but it's a bit like sexually transmitted diseases, can you
> really trust that person, and anyone they've contacted...
>
> In spite of repeated reccomendations NOT to send Microsoft Office
> documents as primary attachements with minimal e-mail descriptions,
> people insist on sending a message with a very sparse subject line, and
> nothing more than a "read this" a "signature" and the attachment which
> can be opened with a double-click.
>
> Then there are the embedded objects which can invoke all kinds of
> interesting libraries, and get them to perform all kinds of interesting
> functions.
>
> And of course, the only reason we know about these is because so many
> systems have been attacked so many times. The unfortunate problem is
> that it isn't even possible to do a true "Root Cause Analysis" to find
> out WHY the system was infected, HOW it got infected, and how to make
> sure that it never happens again.
>
> Microsoft is sending out patches for known security holes that have
> been published as far back as 1997, and were actually taken down by
> court order at the request of Microsoft. A legitimate attempt to warn
> IT managers of the risks of certain Microsoft technologies, and to help
> them mitigate those risks, was killed by Microsoft who didn't want to
> admit that they had placed carefully engineered Back Doors into
> people's computers that could be opened at any time, and appearantly by
> anybody.
>
>
>
>
>> http://www.theregister.co.uk/2006/08/15/openoffice_viral_risk/
I'm waiting for the WGA exploits to appear. Then I'll be laughing all the
way to the bank.
--
When all else fails... use a hammer.
http://dotware.co.uk
Some people are like Slinkies; they serve no particular purpose,
But they bring a smile to your face when you push them down the stairs.
|
|