Date: prev next · Thread: first prev next last
2011 Archives by date, by thread · List index


Not so fast there Sparky (to Dennis).

Those two updates are apparently for 2010 patches to the EOT code.  I get repeated requests to 
install them, over and over again.  I don't know if it was my running the Fixit workaround or not, 
but I have blocked the two updates from installing any longer.

 - Dennis

-----Original Message-----
From: Tom Davies [mailto:tomdavies04@yahoo.co.uk] 
Sent: Sunday, November 06, 2011 16:55
To: users@global.libreoffice.org
Subject: RE: [libreoffice-users] Re: MS font exploit

Hi :)
Thanks Dennis. :)  I know i am pretty safe at home.  A targeted attack could probably compromise me 
fairly easily but i am pretty safe from drive-by and casual attacks.  Reinstalling an OS is no big 
deal either.  

The main place i worry about uses mostly Xp machines and tomorrow is a good day for me to get 
access to all but 2 of the machines.
Regards from
Tom :)


--- On Sun, 6/11/11, Dennis E. Hamilton <dennis.hamilton@acm.org> wrote:

From: Dennis E. Hamilton <dennis.hamilton@acm.org>
Subject: RE: [libreoffice-users] Re: MS font exploit
To: users@global.libreoffice.org
Date: Sunday, 6 November, 2011, 23:45
Take heart: I just received an update
and install notice for two patches concerning TrueType fonts
on my Windows XP SP3 Tablet PC.  I don't know whether
there are more coming.  I don't see anything for Vista
or Windows 7 yet.  Stay tuned.

If you are running Windows XP, it might be a good time to
check for updates.

 - Dennis

Tom,

The security issue is not about a virus or the ways a virus
is spread.  

It is certainly about the prospect of a machine being
compromised and used as part of a zombie army or
whatever.  The compromise could also be used to
compromise security on the machine that is successfully
attacked.

I wouldn't say that LO is safe.  Any application that
allows selection of TTF fonts and that uses Windows to
render fonts on the display and for printing might be
vulnerable -- all of the attack routes have not been
disclosed.  But as someone else commented, the
vulnerability is in Windows.  Also, the malicious fonts
need to be installed or accessed somehow.  The embedded
case that had a workaround is presumably but one of the
attack entries.


 - Dennis

-----Original Message-----
From: Tom [mailto:tomdavies04@yahoo.co.uk]

Sent: Saturday, November 05, 2011 11:20
To: users@global.libreoffice.org
Subject: [libreoffice-users] Re: MS font exploit

Hi :)
That seems to list all the supported versions/distros of
Windows but doesn't
included unsupported ones such as Win98.  Does that
mean Win98 is safe or
just that they don't bother to look to see if it's
vulnerable?  

Tbh my interest suddenly dropped away when i found that LO
is safe even if
we read a doc file in it and creating doc files is still
safe too in LO. 
I'm a little worried about the works machines especially
after the work i
have put in these last 2 weeks but if they suffer because
of using MS Office
then it might encourage them to move to LO and that would
be fine by me. 
The problem would be if the machines got infected right
after me working on
updating everything and installing weird stuff such as
LO.  

If LO prevents the machine itself getting infected that is
one good thing
but if it inadvertently passes infections on then the wrong
people, ie LO
users, might start getting the blame for something that is
not their/our
fault.  Of course they/we would also be passing it on
if we were using MS
Office but at least we would have had more warning about it
as our machines
got infected.  Hmmm, this whole lack of security in MS
products really
creates a lot of weird blame issues.  

Regards from
Tom :) 

--
View this message in context: 
http://nabble.documentfoundation.org/MS-font-exploit-tp3481492p3483006.html
Sent from the Users mailing list archive at Nabble.com.

-- 
For unsubscribe instructions e-mail to: users+help@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived
and cannot be deleted


-- 
For unsubscribe instructions e-mail to: users+help@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived
and cannot be deleted


-- 
For unsubscribe instructions e-mail to: users+help@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted


-- 
For unsubscribe instructions e-mail to: users+help@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted

Context


Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.