Re: [libreoffice-users] FYI: LO's security system is compromised, please be careful

Hi :)
Password protection is usually just a polite request.

Users choose such dumb passwords especially if they have to share.
Then they keep passwords written down!! and in such stupid places that
it's usually VERY easy for anyone to break in.

First guess is that they cleverly used "password".  It's usually
written on a post-it note stuck to the screen, or keyboard or some
extremely cautious people write it on the underside of their keyboard.
 Apparently almost everyone uses dictionary words (i don't and
hopefully most here don't but mine aren't brilliant either) so someone
interested enough to watch a 5min YouTube video could break in within
a couple of minutes.  Usually a LOT less time than a legitimate worker
trying to honestly open the file for legitimate reasons.


This thread makes it sound like MS protection is better.  It isn't.
Just double click on it to open in LibreOffice, or OpenOffice, and
probably most other such programs = or open the program and drag the
file in to open it with the program that way.

My company's finance department wanted me to fix a problem with one of
their files and i did so before they could even give me the password!!
 I hadn't realised there had been any password protection.
Regards from
Tom :)




On 29 January 2014 15:06, Cley Faye <cleyfaye@gmail.com> wrote:
> 2014-01-29 Sayt Bahal <sayt.bahal@gmail.com>
>
> > It turned out that LibreOffice has a security-related issue (
> > https://bugs.freedesktop.org/show_bug.cgi?id=51819), that makes it save
> > the
> > AutoRecovery files for password-protected documents without any protection
> > (encryption).
> >
> > It essentially means, that with AutoRecovery enabled (which is the
> > default):
> > - after an application or system crash (eg. a power failure) anybody can
> > recover the document without knowing the password (the document 'loses' its
> > password)
> > - anybody who has access to the system drive (eg. through the network)
> > while you are editing a document can open it without knowing the password
> > - anybody who has physical access to your system hard drive, now or in the
> > future (at worst even months/years after the actual editing), has the
> > chance to unerase the document and open it without knowing the password
> >
> > If you use password-protection a lot and are concerned about the security
> > of your documents, it could be advisable to switch the AutoRecovery feature
> > off until the bug gets fixed.
> >
> > The issue applies to all LibreOffice modules (Writer, Calc, Draw, ...) and
> > was introduced in version 3.4.6 (March 2012).
> >
> > ------------------
> > For developers only:
> >
> > It also turned out, that (a bit surprisingly) the lead developers have
> > other priorities than fixing such security issues, and are waiting (since
> > May 2013) for the community to step in.
> >
> > If you have the necessary knowledge and free time to track down and
> > potentially to fix this issue, please do not hesitate to take a look into
> > it and help in maintaining the security standard that millions of users
> > worldwide impose on such professional products as LibreOffice.
> Hmm. On a general note, one should know that a lot of applications (all?)
> have a tendancy to leak information through temporary files, caching,
> memory swapping... And appropriate care should be taken if you're
> manipulating sensitive informations: system drive NOT available through
> network, encrypted temp partition, encrypted swap (with random key), not
> leaving the computer unattended while powered (even if the screen's locked,
> it's a liability because full-disk encryption keys might be recoverable
> from RAM), etc.
>
> More specific to LO now: this issue, if it works as advertised (didn't
> check thoroughly, but on Linux LO 4.1.4.2 the issue exists), doesn't come
> from some side-effect of our moderns OS, but is directly linked with LO.
>
> Maybe a solution would be to automatically disable temporary
> backup/recovery when opening a file with a password. Unfortunately I'm not
> very familiar with LO codebase, but perhaps such a solution would be easy
> enough to implement to bring current developpers attention on it.
> At least it's significantly easier (and safer!) than trying to remember the
> document key, save the recovery data encrypted, change the recovery dialog
> to handle these cases, etc. Of course one would lose the ability to use
> recovery for encrypted documents, but it's not necessarily a bad thing :)
>
> Note that if your document is really sensitive, the fact that it's
> encrypted when saving doesn't mean that it's safe: if you're not cautious
> about your whole system, entire parts of the file can end up on swap anyway
> as you're working on it (it have to be in clear in the RAM at some
> point...).
>
> For what it's worth, one short-term solution is to have the temporary place
> encrypted. For example, on some Linux systems (namely Ubuntu, don't know
> for others) you can chose to encrypt your home folder, which happen to
> contain the backup path used by LO. This doesn't protect you from network
> access, but that's only relevant if you set open network access to your
> home folder, including config files in hidden directories... Which I hope
> is not that common.
>
> --
> To unsubscribe e-mail to: users+unsubscribe@global.libreoffice.org
> Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
> Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
> List archive: http://listarchives.libreoffice.org/global/users/
> All messages sent to this list will be publicly archived and cannot be deleted

-- 
To unsubscribe e-mail to: users+unsubscribe@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted