RE: [libreoffice-users] Re: MS font exploit

Not so fast there Sparky (to Dennis).

Those two updates are apparently for 2010 patches to the EOT code.  I get repeated requests to 
install them, over and over again.  I don't know if it was my running the Fixit workaround or not, 
but I have blocked the two updates from installing any longer.

 - Dennis

-----Original Message-----
From: Tom Davies [mailto:tomdavies04@yahoo.co.uk] 
Sent: Sunday, November 06, 2011 16:55
To: users@global.libreoffice.org
Subject: RE: [libreoffice-users] Re: MS font exploit

Hi :)
Thanks Dennis. :)  I know i am pretty safe at home.  A targeted attack could probably compromise me 
fairly easily but i am pretty safe from drive-by and casual attacks.  Reinstalling an OS is no big 
deal either.  

The main place i worry about uses mostly Xp machines and tomorrow is a good day for me to get 
access to all but 2 of the machines.
Regards from
Tom :)


--- On Sun, 6/11/11, Dennis E. Hamilton <dennis.hamilton@acm.org> wrote:

> From: Dennis E. Hamilton <dennis.hamilton@acm.org>
> Subject: RE: [libreoffice-users] Re: MS font exploit
> To: users@global.libreoffice.org
> Date: Sunday, 6 November, 2011, 23:45
> Take heart: I just received an update
> and install notice for two patches concerning TrueType fonts
> on my Windows XP SP3 Tablet PC.  I don't know whether
> there are more coming.  I don't see anything for Vista
> or Windows 7 yet.  Stay tuned.
>
> If you are running Windows XP, it might be a good time to
> check for updates.
>
>  - Dennis
>
> Tom,
>
> The security issue is not about a virus or the ways a virus
> is spread.  
>
> It is certainly about the prospect of a machine being
> compromised and used as part of a zombie army or
> whatever.  The compromise could also be used to
> compromise security on the machine that is successfully
> attacked.
>
> I wouldn't say that LO is safe.  Any application that
> allows selection of TTF fonts and that uses Windows to
> render fonts on the display and for printing might be
> vulnerable -- all of the attack routes have not been
> disclosed.  But as someone else commented, the
> vulnerability is in Windows.  Also, the malicious fonts
> need to be installed or accessed somehow.  The embedded
> case that had a workaround is presumably but one of the
> attack entries.
>
>
>  - Dennis
>
> -----Original Message-----
> From: Tom [mailto:tomdavies04@yahoo.co.uk]
>
> Sent: Saturday, November 05, 2011 11:20
> To: users@global.libreoffice.org
> Subject: [libreoffice-users] Re: MS font exploit
>
> Hi :)
> That seems to list all the supported versions/distros of
> Windows but doesn't
> included unsupported ones such as Win98.  Does that
> mean Win98 is safe or
> just that they don't bother to look to see if it's
> vulnerable?  
>
> Tbh my interest suddenly dropped away when i found that LO
> is safe even if
> we read a doc file in it and creating doc files is still
> safe too in LO. 
> I'm a little worried about the works machines especially
> after the work i
> have put in these last 2 weeks but if they suffer because
> of using MS Office
> then it might encourage them to move to LO and that would
> be fine by me. 
> The problem would be if the machines got infected right
> after me working on
> updating everything and installing weird stuff such as
> LO.  
>
> If LO prevents the machine itself getting infected that is
> one good thing
> but if it inadvertently passes infections on then the wrong
> people, ie LO
> users, might start getting the blame for something that is
> not their/our
> fault.  Of course they/we would also be passing it on
> if we were using MS
> Office but at least we would have had more warning about it
> as our machines
> got infected.  Hmmm, this whole lack of security in MS
> products really
> creates a lot of weird blame issues.  
>
> Regards from
> Tom :) 
>
> --
> View this message in context: 
> http://nabble.documentfoundation.org/MS-font-exploit-tp3481492p3483006.html
> Sent from the Users mailing list archive at Nabble.com.
>
> -- 
> For unsubscribe instructions e-mail to: users+help@global.libreoffice.org
> Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
> Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
> List archive: http://listarchives.libreoffice.org/global/users/
> All messages sent to this list will be publicly archived
> and cannot be deleted
>
>
> -- 
> For unsubscribe instructions e-mail to: users+help@global.libreoffice.org
> Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
> Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
> List archive: http://listarchives.libreoffice.org/global/users/
> All messages sent to this list will be publicly archived
> and cannot be deleted

-- 
For unsubscribe instructions e-mail to: users+help@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted


-- 
For unsubscribe instructions e-mail to: users+help@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted