Re: [Marketing] France says OpenOffice.org is not secure enough
Finn Gruwier Larsen wrote: It's very interesting to see that Microsoft once again is behind this OOo FUD. Can we use this important information from Simon in an official answer to the attack? I guess we should not use the information and I'm not convinced that it is a wise thing to do, i.e. get into a direkt fight. From my point of view there is a way to present the news in a much more positive light: * Yes, ZIP and XML are open techniques which make it easy for someone to include malicious elements. However, the transparent nature of these technologies also make it easy to detect malicious elements. It's like with open source in general. Yes, on the one hand the availability of source code makes it easier to identify and exploit security holes. However, for the same reasons issues can be identified and fixed faster. * Yes, the cross-platform scripting support of OpenOffice.org makes it possible to run macros (including malicious ones) across platforms, and thus the risks are higher. However, at the same time potential benefits are higher as well. Driving a 500 horse power sports car is theoretically more dangerous than 70 horse power compact car because people can drive faster and thus kill themselves more easily. However, a sports car does not have to be more dangerous. If one drives the sports car accordingly, there is no higher risk. And if someone likes to drive fast, because he or she thinks it's more fun, than the risk of being killed in a car crash is something one has to live with. * Military government agencies are developing extensions for OpenOffice.org. They most likely won't do that if they were seriously concerned about the security of OpenOffice.org compared to available alternatives. * Mr. Filiol was impressed by the fast response from the OpenOffice.org including Sun Microsystems. There is a very positive quote in the report! * We're happy about the external security audits by organizations like the ESAT, because the feedback helps to develop a very secure office productivity solution. * Due to the availability of the source code, companies and government organizations can help developing new security features and concepts. All the best, Erwin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [Marketing] France says OpenOffice.org is not secure enough
On Tue, 15 Aug 2006, Finn Gruwier Larsen wrote: [snip] Can we use this important information from Simon in an official answer to the attack? [snip] Perhaps, but I'd take it as an indication that it's trying to draw attention away from some other more severe marketing vulnerability. It's Software Assurance customers, for example, have just been forced to admit that they probably got reamed. Or that MSO 2007 is probably going to be a no-show and it might be better to try OOo during the wait.* Look around. There's got to be a good one hanging in front of our faces that we havne't used. Simon Phipps skrev: A journalist who contacted me on Friday for comment told me he had been alerted to the story by someone at Microsoft who was passing the report around. -Lars * IMHO one of the reasons MS keeps its minions in constant crisis moded is so that there is no time left over for basic activities. That ensures that lower (short term) priority tasks like evaluating competing software don't even get on the list, should the local (defacto) MS reps be unable to stifle the suggestion. Lars Noodén ([EMAIL PROTECTED]) OpenOffice.org: Now ISO 26300 Standards Compliant ! - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [Marketing] France says OpenOffice.org is not secure enough
No. I would have posted the links to the rebuttals if I had them or recalled the main points. I have slapped some points onto a wiki page for it though: http://wiki.services.openoffice.org/wiki/FrMoD-Aug Anyone here should feel free to add bits, jot notes, write prose, or move stuff around on the page. -Lars Lars Noodén ([EMAIL PROTECTED]) OpenOffice.org: Now ISO 26300 Standards Compliant ! - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[Marketing] France says OpenOffice.org is not secure enough
Thought you might want to check this out. I don't remember seeing this on any of the lists. http://digg.com/security/OpenOffice_org_Security_Is_Insufficient --- OpenOffice.org Security Is Insufficient... With Microsoft Corp.'s Office suite now being targeted by hackers, researchers at the French Ministry of Defense say users of the OpenOffice.org software may be at even greater risk from computer viruses...The general security of OpenOffice is insufficient, the researchers wrote.. +536 people dugg this story Here's the link to the story itself http://www.infoworld.com/article/06/08/11/HNopenofficesecurity_1.html -- - Chad Smith http://www.gimpshop.net/ http://www.whatisopenoffice.org/ http://www.chadwsmith.com/ -- - Chad Smith http://www.gimpshop.net/ http://www.whatisopenoffice.org/ http://www.chadwsmith.com/
Re: [Marketing] France says OpenOffice.org is not secure enough
On Mon, 2006-14-08 at 10:34 -0400, Chad Smith wrote: Thought you might want to check this out. I don't remember seeing this on any of the lists. http://digg.com/security/OpenOffice_org_Security_Is_Insufficient quote If these types of vulnerabilities had been discovered in Microsoft Office, it would be front-page news, he said. Whoever did the security for OpenOffice has totally ignored what Microsoft has gone through with the security of their own Office documents. /quote That's not good... I wonder if KOffice is better. Probably is. Cheers, Daniel. -- http://opendocumentfellowship.org The reasonable man adapts himself to the world; the unreasonable man tries to adapt the world to himself. Therefore all progress depends on unreasonable men. -- George Bernard Shaw signature.asc Description: This is a digitally signed message part
Re: [Marketing] France says OpenOffice.org is not secure enough
Hello Daniel, I think mentioning KOffice is beside the point. There has been a series of PR mismatches and communication mistakes about this: in short, the MinDef tested OOo just like it tested other office software and discovered flaws just like it would have done so with any other software. Then there was a leak in the press that got exploited by imho unscrupulous journalists. I agree with you however, that this is not good and all this, well, all this tends to piss me off. Best, Charles. Daniel Carrera a écrit : On Mon, 2006-14-08 at 10:34 -0400, Chad Smith wrote: Thought you might want to check this out. I don't remember seeing this on any of the lists. http://digg.com/security/OpenOffice_org_Security_Is_Insufficient quote If these types of vulnerabilities had been discovered in Microsoft Office, it would be front-page news, he said. Whoever did the security for OpenOffice has totally ignored what Microsoft has gone through with the security of their own Office documents. /quote That's not good... I wonder if KOffice is better. Probably is. Cheers, Daniel. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]