Home Messages Index
[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index

Re: OpenOffice Addresses Security Accusations

Once upon a midnight dreary, while Rex Ballard pondered weak and weary over
many a quaint and curious volume of forgotten lore...:

> 
> Roy Schestowitz wrote:
>> OpenOffice hits back at viral risk claims
>>
>> ,----[ Quote ]
>> | "The one real flaw in the programming logic has been fixed," Louis
>> | Suarez-Potts, an OpenOffice.org community manager, told IDG. "The
>> | others are theoretical."
>> `----
> 
> It really is amusing.  This French company, which has the source code
> to OpenOffice found only 4 security holes, and only 1 of them
> constitutes even the possibility of a real threat.
> 
> The irony of course, is that these flaws were found BEFORE they could
> be exploited, FIXED before they could be exploited, and PUBLISHED
> before they could be exploited, because the OpenOffice organization was
> willing to admit that "there might be a problem here".
> 
> Contrast that to Microsoft who still allows macroviruses and embedded
> OLE objects to be sent via e-mail, web viewer, and of course, editors.
> The end user can THINK he's getting a good document from a trusted
> source, but it's a bit like sexually transmitted diseases, can you
> really trust that person, and anyone they've contacted...
> 
> In spite of repeated reccomendations NOT to send Microsoft  Office
> documents as primary attachements with minimal e-mail descriptions,
> people insist on sending a message with a very sparse subject line, and
> nothing more than a "read this" a "signature" and the attachment which
> can be opened with a double-click.
> 
> Then there are the embedded objects which can invoke all kinds of
> interesting libraries, and get them to perform all kinds of interesting
> functions.
> 
> And of course, the only reason we know about these is because so many
> systems have been attacked so many times.  The unfortunate problem is
> that it isn't even possible to do a true "Root Cause Analysis" to find
> out WHY the system was infected, HOW it got infected, and how to make
> sure that it never happens again.
> 
> Microsoft is sending out patches for known security holes that have
> been published as far back as 1997, and were actually taken down by
> court order at the request of Microsoft.  A legitimate attempt to warn
> IT managers of the risks of certain Microsoft technologies, and to help
> them mitigate those risks, was killed by Microsoft who didn't want to
> admit that they had placed carefully engineered Back Doors into
> people's computers that could be opened at any time, and appearantly by
> anybody.
> 
> 
> 
> 
>>         http://www.theregister.co.uk/2006/08/15/openoffice_viral_risk/

I'm waiting for the WGA exploits to appear. Then I'll be laughing all the
way to the bank.

-- 
When all else fails... use a hammer.

http://dotware.co.uk 

Some people are like Slinkies; they serve no particular purpose,
But they bring a smile to your face when you push them down the stairs.

[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index