[libreoffice-users] Re: JRE older installs - Windows - nowonline-no need for Oracleaccount

2011-09-04 Thread David H. Lipman 
From: "David H. Lipman" 

sent:  Saturday, September 03, 2011 3:15 PM

arrived:  Sunday, September 04, 2011 07:21 AM

-- 
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp 




-- 
For unsubscribe instructions e-mail to: users+h...@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted

[libreoffice-users] Re: JRE older installs - Windows - nowonline-no need for Oracleaccount

2011-09-04 Thread David H. Lipman 
From: "Tom Davies" 

> 
> From: David H. Lipman 
> To: users@global.libreoffice.org
> Sent: Fri, 2 September, 2011 18:48:47 Subject: [libreoffice-users] Re: JRE 
> older 
> installs - Windows - nowonline-
> no need for Oracleaccount
>
> 
>
> Luckily Ubuntu is not targeted to the degree that MS Windows is and thus you
> have a lesser degree of exploitation.
>
> Dave
> Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk 
> http://www.pctipp.ch/downloads/dl/35905.asp
>
>
> Hi :)
> Hmm, not quite the case.  Servers would make a far better target than desktops
> if the aim of malware is to cause disruption or grab data.  Pranks and 
> accidents
> are sooo last decade.
>
>
> However, we still hardly ever hear about servers suffering.  If it happens at
> all it often gets reported in the mainstream news because it's so rare.  So, 
> why
> is it so common-place to hear of desktops getting infected instead of servers?
>
>
> Interestingly it's the market where MS is dominant that has the most trouble
> with malware.  Most big servers run Gnu&Linux, Bsd or some other Unix-based
> platform precisely because stability and security are more important.
>
> http://librenix.com/?inode=21 Even if we just look at desktops we would 
> expect a 
> platform such as Mac at an
> estimated 20% of the market taking 20% of the malware.  Yet we have heard of
> less than a handful.  Again it's so rare that it reaches the mainstream press.
>
>
> People that want to sound knowledgeable about malware and sound serious about 
> it
> use Windows.  There is a lot to know!  It's good to show-off about how much 
> you
> know but always the intel these people have is old because they are always
> trying to catch-up with the ingenuity of malware creators.  People who are 
> just
> serious about stability and security and want to stay ahead of the game tend 
> to
> use Gnu&Linux (or Bsd, or even Mac).
>
>
You wrote "Servers would make a far better target than desktops..."

Not true.  Desktops are targeted as profit centers.  Through keyloggers, data 
stealers, 
backdoors, etc, desktops (personal computers) are targeted for profits.  That 
is the goal 
of Today's preponderance of malware.

MACDefender is one sample.  The motive of the infection is monetary and PII 
gain.



-- 
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp 




-- 
For unsubscribe instructions e-mail to: users+h...@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted

[libreoffice-users] Re: JRE older installs - Windows - nowonline- no need for Oracleaccount

2011-09-03 Thread NoOp 
On 09/03/2011 03:55 PM, David wrote:
> On 9/3/2011 6:29 PM, NoOp wrote:
>> On 09/03/2011 02:57 PM, David wrote:
>> ...
>>>
>>> What 'bothers' me about this is the smug that do not accept that this is
>>> a real threat to us all. Which was my point. No one is 'bullet proof'.
>> 
>> Not even kernel.org:
> 
> 
> 
> I saw that. Did you see just how long it took to find the attack?
...

Yes, of course I did. But also note that it appears that entry may have
been made by a compromised user credential & that were/are being taken.

Imagine how long it would take to find an outdated JRE attack when using
insecure versions of Java? Which is of course the issue in this thread.

Anyway I'm out of this thread as I think that sufficient
warnings/discussion regarding using old versions of JRE have been made.
My recommendation, given the above & all the other warnings by other
contributors in this thead, is to use the latest security patched
versions of whatever application/OS is in use.

IMO anyone that uses software that has known security vulnerabilities
does so at their own risk. If Base users are experiencing speed issues
due to Java versions, file a bug (both on LO bugzilla and with Oracle) -
that is the *only* way that I know of resolving the issue. Hosting old
insecure versions of code isn't (IMO) the answer, and continued
promotion for using such on this list is (again IMO) simply
irresponsible and wrong.






-- 
For unsubscribe instructions e-mail to: users+h...@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted

Re: [libreoffice-users] Re: JRE older installs - Windows - nowonline- no need for Oracleaccount

2011-09-03 Thread David 
On 9/3/2011 6:29 PM, NoOp wrote:
> On 09/03/2011 02:57 PM, David wrote:
> ...
>>
>> What 'bothers' me about this is the smug that do not accept that this is
>> a real threat to us all. Which was my point. No one is 'bullet proof'.
> 
> Not even kernel.org:



I saw that. Did you see just how long it took to find the attack?

I am smart. I am bulletproof. I am Superman. No longer works today.
Anyone that thinks differently?


-- 

  David

-- 
For unsubscribe instructions e-mail to: users+h...@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted

[libreoffice-users] Re: JRE older installs - Windows - nowonline- no need for Oracleaccount

2011-09-03 Thread NoOp 
On 09/03/2011 02:57 PM, David wrote:
...
> 
> What 'bothers' me about this is the smug that do not accept that this is
> a real threat to us all. Which was my point. No one is 'bullet proof'.

Not even kernel.org:




So I reckon the best option is to be vigilant in whatever
system/application you use.

We now return you to your friendly LibreOffice user channel... :-)



-- 
For unsubscribe instructions e-mail to: users+h...@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted

Re: [libreoffice-users] Re: JRE older installs - Windows - nowonline- no need for Oracleaccount

2011-09-03 Thread David 
On 9/3/2011 5:42 PM, Dennis E. Hamilton wrote:
> Criminals do attack servers.  Regularly.  And for as long as the internet has 
> been the vehicle for attacks.  Some of the successful attacks do get 
> reported.  The vulnerability is often a configuration and system-management 
> one, not a defect in operational software.  
> 
> Do you recall Google reporting a major penetration that had evidently gone on 
> for some time?  Do you recall reports of user information, identity, and 
> password information having been stolen from a variety of significant systems.
> 
> The kinds of server based compromises tend to be different.  
> 
> Apparently the most profitable attack on clients these days is for co-opting 
> the clients into zombie armies that can be used in coordinated attacks on 
> vulnerable systems as well as unwitting hosts for phishing attacks and 
> distribution of spam.  Because thousands of clients are brought under control 
> in this manner, their botnet services are then hired out to criminals.  That 
> is how scale matters at the client level.
> 
>  - Dennis
> 
> -Original Message-
> From: Tom Davies [mailto:tomdavie...@yahoo.co.uk] 
> Sent: Saturday, September 03, 2011 13:47
> To: users@global.libreoffice.org
> Subject: Re: [libreoffice-users] Re: JRE older installs - Windows - 
> nowonline- no need for Oracleaccount
> 
> Hi :)
> No, that is the point i am disagreeing with.  If Gnu&Linux, Bsd and other 
> Unix-based OSes were equally vulnerable then we would see a lot more servers 
> being compromised.  Affecting several thousand servers would have a vastly 
> higher impact then affecting that many desktops wouldn't it?  So, why bother 
> with desktops if servers are just as vulnerable?  For the same effort more 
> data 
> could be collected and more disruption could be caused by aiming at servers.  
> So 
> why bother with creating malware for desktops at all?  When not just target 
> servers?  
> 
> 
> Compare with other sorts of crime.  Imagine no corporate crime, no fraud, no 
> scams just about 50%-20% of everyone  getting mugged for loose change on the 
> way 
> home a couple of times a year.  It's low hanging fruit but just not worth the 
> investment of time and effort so people go for bigger targets to get more 
> cash.  
> Why doesn't this happen with malware?  Why not several thousand servers 
> instead 
> of just desktops?
> Regards from
> Tom :)
> 
> 
> 
> 
> ____________
> From: David 
> To: users@global.libreoffice.org
> Sent: Sat, 3 September, 2011 21:11:30
> Subject: Re: [libreoffice-users] Re: JRE older installs - Windows - 
> nowonline- 
> no need for Oracleaccount
> 
> On 9/3/2011 4:02 PM, planas wrote:
> 
> BIG 
> 
> 
> 
> Security by obscurity. So few people use Linux that Linux is not significant 
> enough
> to be of value to the 'bad guys' out there.
> 
> Should Linux ever become common enough that more than about 50 million 
> people, 
> [1] in a world of 5 Billion people, use it - then it might become *worth the 
> effort*.
> 
> What do you think?
> 
> [1] "Linux Counter Summary Report"
> 
> <http://counter.li.org/reports/short.php>

What 'bothers' me about this is the smug that do not accept that this is
a real threat to us all. Which was my point. No one is 'bullet proof'.


-- 

  David

-- 
For unsubscribe instructions e-mail to: users+h...@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted

Re: [libreoffice-users] Re: JRE older installs - Windows - nowonline- no need for Oracleaccount

2011-09-03 Thread Tom Davies 
Hi :)
Different OSes have different strengths.  I would say that Windows greatest 
strength is that it "just works" and gives users freedom from choices such as 
which DE they use, which file-browser and so on.  It is possible for true 
Windows-geeks to change some of those things with some difficulty.  It's not 
the 
most stable and secure platform but so what?  You can buy anti-virus and add 
security and take precautions that mostly work quite well and you can always 
take it back to a shop if something really bad happens.  Plus when you buy a 
machine from a shop it's already installed so you don't have to worry about 
geeky stuff.  There are a lot of good reasons to use Windows.  

Regards from
Tom :)





From: David 
To: users@global.libreoffice.org
Sent: Sat, 3 September, 2011 21:11:30
Subject: Re: [libreoffice-users] Re: JRE older installs - Windows - nowonline- 
no need for Oracleaccount

On 9/3/2011 4:02 PM, planas wrote:

BIG 

> In Windows you have the situation where users range from extremely
> knowledgeable to total incompetence, compound this with there is
> essentially a single OS for each version of Window. This allows crackers
> a wealth of very similar targets with less effort. Add that some the
> users are utterly clueless about computer security and you have a
> situation were attacks will be successful enough for the crackers to
> justify their efforts.


All of which is OT here but this shows Linux elitism. Security by
obscurity. So few people use Linux that Linux is not significant enough
to be of value to the 'bad guys' out there.

Should Linux ever become common enough that more than about 50 million
people, [1] in a world of 5 Billion people, use it - then it might
become *worth the effort*.

What do you think?

[1] "Linux Counter Summary Report"

<http://counter.li.org/reports/short.php>
-- 

  David

-- 
For unsubscribe instructions e-mail to: users+h...@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted

-- 
For unsubscribe instructions e-mail to: users+h...@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted

RE: [libreoffice-users] Re: JRE older installs - Windows - nowonline- no need for Oracleaccount

2011-09-03 Thread Dennis E. Hamilton 
Criminals do attack servers.  Regularly.  And for as long as the internet has 
been the vehicle for attacks.  Some of the successful attacks do get reported.  
The vulnerability is often a configuration and system-management one, not a 
defect in operational software.  

Do you recall Google reporting a major penetration that had evidently gone on 
for some time?  Do you recall reports of user information, identity, and 
password information having been stolen from a variety of significant systems.

The kinds of server based compromises tend to be different.  

Apparently the most profitable attack on clients these days is for co-opting 
the clients into zombie armies that can be used in coordinated attacks on 
vulnerable systems as well as unwitting hosts for phishing attacks and 
distribution of spam.  Because thousands of clients are brought under control 
in this manner, their botnet services are then hired out to criminals.  That is 
how scale matters at the client level.

 - Dennis

-Original Message-
From: Tom Davies [mailto:tomdavie...@yahoo.co.uk] 
Sent: Saturday, September 03, 2011 13:47
To: users@global.libreoffice.org
Subject: Re: [libreoffice-users] Re: JRE older installs - Windows - nowonline- 
no need for Oracleaccount

Hi :)
No, that is the point i am disagreeing with.  If Gnu&Linux, Bsd and other 
Unix-based OSes were equally vulnerable then we would see a lot more servers 
being compromised.  Affecting several thousand servers would have a vastly 
higher impact then affecting that many desktops wouldn't it?  So, why bother 
with desktops if servers are just as vulnerable?  For the same effort more data 
could be collected and more disruption could be caused by aiming at servers.  
So 
why bother with creating malware for desktops at all?  When not just target 
servers?  


Compare with other sorts of crime.  Imagine no corporate crime, no fraud, no 
scams just about 50%-20% of everyone  getting mugged for loose change on the 
way 
home a couple of times a year.  It's low hanging fruit but just not worth the 
investment of time and effort so people go for bigger targets to get more cash. 
 
Why doesn't this happen with malware?  Why not several thousand servers instead 
of just desktops?
Regards from
Tom :)





From: David 
To: users@global.libreoffice.org
Sent: Sat, 3 September, 2011 21:11:30
Subject: Re: [libreoffice-users] Re: JRE older installs - Windows - nowonline- 
no need for Oracleaccount

On 9/3/2011 4:02 PM, planas wrote:

BIG 



Security by obscurity. So few people use Linux that Linux is not significant 
enough
to be of value to the 'bad guys' out there.

Should Linux ever become common enough that more than about 50 million people, 
[1] in a world of 5 Billion people, use it - then it might become *worth the 
effort*.

What do you think?

[1] "Linux Counter Summary Report"

<http://counter.li.org/reports/short.php>

  David
-- 
For unsubscribe instructions e-mail to: users+h...@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted


-- 
For unsubscribe instructions e-mail to: users+h...@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted

Re: [libreoffice-users] Re: JRE older installs - Windows - nowonline- no need for Oracleaccount

2011-09-03 Thread David 
On 9/3/2011 4:47 PM, Tom Davies wrote:
> Hi :)
> No, that is the point i am disagreeing with.  If Gnu&Linux, Bsd and other 
> Unix-based OSes were equally vulnerable then we would see a lot more servers 
> being compromised.  Affecting several thousand servers would have a vastly 
> higher impact then affecting that many desktops wouldn't it?  So, why bother 
> with desktops if servers are just as vulnerable?  For the same effort more 
> data 
> could be collected and more disruption could be caused by aiming at servers.  
> So 
> why bother with creating malware for desktops at all?  When not just target 
> servers?  
> 
> 
> Compare with other sorts of crime.  Imagine no corporate crime, no fraud, no 
> scams just about 50%-20% of everyone  getting mugged for loose change on the 
> way 
> home a couple of times a year.  It's low hanging fruit but just not worth the 
> investment of time and effort so people go for bigger targets to get more 
> cash.  
> Why doesn't this happen with malware?  Why not several thousand servers 
> instead 
> of just desktops?
> Regards from
> Tom :)

Good point. It is the pompous A$$ types, ten feet tall and bulletproof,
that annoy me.


-- 

  David

-- 
For unsubscribe instructions e-mail to: users+h...@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted

Re: [libreoffice-users] Re: JRE older installs - Windows - nowonline- no need for Oracleaccount

2011-09-03 Thread Tom Davies 
Hi :)
No, that is the point i am disagreeing with.  If Gnu&Linux, Bsd and other 
Unix-based OSes were equally vulnerable then we would see a lot more servers 
being compromised.  Affecting several thousand servers would have a vastly 
higher impact then affecting that many desktops wouldn't it?  So, why bother 
with desktops if servers are just as vulnerable?  For the same effort more data 
could be collected and more disruption could be caused by aiming at servers.  
So 
why bother with creating malware for desktops at all?  When not just target 
servers?  


Compare with other sorts of crime.  Imagine no corporate crime, no fraud, no 
scams just about 50%-20% of everyone  getting mugged for loose change on the 
way 
home a couple of times a year.  It's low hanging fruit but just not worth the 
investment of time and effort so people go for bigger targets to get more cash. 
 
Why doesn't this happen with malware?  Why not several thousand servers instead 
of just desktops?
Regards from
Tom :)





From: David 
To: users@global.libreoffice.org
Sent: Sat, 3 September, 2011 21:11:30
Subject: Re: [libreoffice-users] Re: JRE older installs - Windows - nowonline- 
no need for Oracleaccount

On 9/3/2011 4:02 PM, planas wrote:

BIG 



Security by obscurity. So few people use Linux that Linux is not significant 
enough
to be of value to the 'bad guys' out there.

Should Linux ever become common enough that more than about 50 million people, 
[1] in a world of 5 Billion people, use it - then it might become *worth the 
effort*.

What do you think?

[1] "Linux Counter Summary Report"

<http://counter.li.org/reports/short.php>

  David
-- 
For unsubscribe instructions e-mail to: users+h...@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted

Re: [libreoffice-users] Re: JRE older installs - Windows - nowonline- no need for Oracleaccount

2011-09-03 Thread David 
On 9/3/2011 4:02 PM, planas wrote:

BIG 

> In Windows you have the situation where users range from extremely
> knowledgeable to total incompetence, compound this with there is
> essentially a single OS for each version of Window. This allows crackers
> a wealth of very similar targets with less effort. Add that some the
> users are utterly clueless about computer security and you have a
> situation were attacks will be successful enough for the crackers to
> justify their efforts.


All of which is OT here but this shows Linux elitism. Security by
obscurity. So few people use Linux that Linux is not significant enough
to be of value to the 'bad guys' out there.

Should Linux ever become common enough that more than about 50 million
people, [1] in a world of 5 Billion people, use it - then it might
become *worth the effort*.

What do you think?

[1] "Linux Counter Summary Report"


-- 

  David

-- 
For unsubscribe instructions e-mail to: users+h...@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted

Re: [libreoffice-users] Re: JRE older installs - Windows - nowonline- no need for Oracleaccount

2011-09-03 Thread planas 
Hi,

On Sat, 2011-09-03 at 18:49 +0100, Tom Davies wrote:


> 
> 
> Luckily Ubuntu is not targeted to the degree that MS Windows is and thus you 
> have a lesser degree of exploitation.
> 
> Dave
> Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
> http://www.pctipp.ch/downloads/dl/35905.asp 
> 
> 
> Hi :)
> Hmm, not quite the case.  Servers would make a far better target than 
> desktops 
> if the aim of malware is to cause disruption or grab data.  Pranks and 
> accidents 
> are sooo last decade.  
> 
> 
> However, we still hardly ever hear about servers suffering.  If it happens at 
> all it often gets reported in the mainstream news because it's so rare.  So, 
> why 
> is it so common-place to hear of desktops getting infected instead of 
> servers?  
> 
> 
> Interestingly it's the market where MS is dominant that has the most trouble 
> with malware.  Most big servers run Gnu&Linux, Bsd or some other Unix-based 
> platform precisely because stability and security are more important.  
> 
> http://librenix.com/?inode=21
> 
> Even if we just look at desktops we would expect a platform such as Mac at an 
> estimated 20% of the market taking 20% of the malware.  Yet we have heard of 
> less than a handful.  Again it's so rare that it reaches the mainstream 
> press.  
> 
> 
> People that want to sound knowledgeable about malware and sound serious about 
> it 
> use Windows.  There is a lot to know!  It's good to show-off about how much 
> you 
> know but always the intel these people have is old because they are always 
> trying to catch-up with the ingenuity of malware creators.  People who are 
> just 
> serious about stability and security and want to stay ahead of the game tend 
> to 
> use Gnu&Linux (or Bsd, or even Mac).  
> 
> 
> Regards from
> Tom :)
> 

Two other factors that help Gnu/Linux and BSD in particular is that they
are often installed and used by more knowledgeable users and probably
more importantly is that most desktop Linux users can find almost all
the software they need in relatively secure repositories maintained by
the distros. Mac, I believe, comes with a suite of software aimed at the
most common desktop needs already installed.

Another factor with Linux and BSD (include the Mac) is no typical setup
exists, every distro has their own ideas of what makes a good distro and
how it should be done. Thus there are fewer common attack vectors that
all Linux distros have, primarily at the kernel level. Above the kernel
level you have significant differences between Red Hat/Fedora, Debian,
Ubuntu, openSUSE/SUSE, etc and add in the number of different
environments. Thus an exploit that targets KDE (or any other desktop)
probably will not have much affect on other desktops simply because they
may not have the required files installed or even need the files.

In Windows you have the situation where users range from extremely
knowledgeable to total incompetence, compound this with there is
essentially a single OS for each version of Window. This allows crackers
a wealth of very similar targets with less effort. Add that some the
users are utterly clueless about computer security and you have a
situation were attacks will be successful enough for the crackers to
justify their efforts.

-- 
Jay Lozier
jsloz...@gmail.com

-- 
For unsubscribe instructions e-mail to: users+h...@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted

Re: [libreoffice-users] Re: JRE older installs - Windows - nowonline- no need for Oracleaccount

2011-09-03 Thread Tom Davies 






From: David H. Lipman 
To: users@global.libreoffice.org
Sent: Fri, 2 September, 2011 18:48:47
Subject: [libreoffice-users] Re: JRE older installs - Windows - nowonline- no 
need for Oracleaccount



Luckily Ubuntu is not targeted to the degree that MS Windows is and thus you 
have a lesser degree of exploitation.

Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp 


Hi :)
Hmm, not quite the case.  Servers would make a far better target than desktops 
if the aim of malware is to cause disruption or grab data.  Pranks and 
accidents 
are sooo last decade.  


However, we still hardly ever hear about servers suffering.  If it happens at 
all it often gets reported in the mainstream news because it's so rare.  So, 
why 
is it so common-place to hear of desktops getting infected instead of servers?  


Interestingly it's the market where MS is dominant that has the most trouble 
with malware.  Most big servers run Gnu&Linux, Bsd or some other Unix-based 
platform precisely because stability and security are more important.  

http://librenix.com/?inode=21

Even if we just look at desktops we would expect a platform such as Mac at an 
estimated 20% of the market taking 20% of the malware.  Yet we have heard of 
less than a handful.  Again it's so rare that it reaches the mainstream press.  


People that want to sound knowledgeable about malware and sound serious about 
it 
use Windows.  There is a lot to know!  It's good to show-off about how much you 
know but always the intel these people have is old because they are always 
trying to catch-up with the ingenuity of malware creators.  People who are just 
serious about stability and security and want to stay ahead of the game tend to 
use Gnu&Linux (or Bsd, or even Mac).  


Regards from
Tom :)

-- 
For unsubscribe instructions e-mail to: users+h...@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted

[libreoffice-users] Re: JRE older installs - Windows - nowonline- no need for Oracleaccount

2011-09-02 Thread David H. Lipman 
From: "Don C. Myers" 

> Hi Dave and all,
>
> I only run LibreOffice in Linux, specifically Ubuntu 11.04. Java versions 
> 1.6.0_24 and 
> 1.6.0_26 essentially broke base. I have a database with about 2600 records 
> in. Before 
> the two releases mentioned, going from the first record to last record took a 
> second. 
> With either of those two versions, it would take 20 to 25 seconds. It slowed 
> mail merge 
> to a crawl also. The way that the older version, such as 1.6.0_21 is 
> installed in Linux, 
> or at least specifically in Ubuntu, it is only available for Libre Office. My 
> browsers 
> all are using the most current version. I've checked. Also, 1.6.0_21 does not 
> show up as 
> an installed package on the Linux system in synaptic package manager. It is 
> only being 
> used for LibreOffice, primarily Base. There is no plugin installed to make it 
> available 
> for browsers. I'm very security conscious. I've not run LibreOffice on 
> Windows, so I 
> don't know if the issues of problems with Java affected Windows installs or 
> not. One 
> post some time ago indicated it only affected Linux installs of LibreOffice. 
> Regardless, 
> I now have a functional Base working as it should, and still have the 
> security of the 
> latest released version of Java for Ubuntu for my browsers. Hopefully this 
> will help you 
> understand the issue.
>

Yep, got it.

Luckily Ubuntu is not targeted to the degree that MS Windows is and thus you 
have a lessor 
degree of exploitation.



-- 
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp 




-- 
For unsubscribe instructions e-mail to: users+h...@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted

Re: [libreoffice-users] Re: JRE older installs - Windows - nowonline - no need for Oracleaccount

2011-09-02 Thread Don C. Myers 

Hi Dave and all,

I only run LibreOffice in Linux, specifically Ubuntu 11.04. Java 
versions 1.6.0_24 and 1.6.0_26 essentially broke base. I have a database 
with about 2600 records in. Before the two releases mentioned, going 
from the first record to last record took a second. With either of those 
two versions, it would take 20 to 25 seconds. It slowed mail merge to a 
crawl also. The way that the older version, such as 1.6.0_21 is 
installed in Linux, or at least specifically in Ubuntu, it is only 
available for Libre Office. My browsers all are using the most current 
version. I've checked. Also, 1.6.0_21 does not show up as an installed 
package on the Linux system in synaptic package manager. It is only 
being used for LibreOffice, primarily Base. There is no plugin installed 
to make it available for browsers. I'm very security conscious. I've not 
run LibreOffice on Windows, so I don't know if the issues of problems 
with Java affected Windows installs or not. One post some time ago 
indicated it only affected Linux installs of LibreOffice. Regardless, I 
now have a functional Base working as it should, and still have the 
security of the latest released version of Java for Ubuntu for my 
browsers. Hopefully this will help you understand the issue.


Don

On 09/02/2011 07:04 AM, David H. Lipman wrote:

From: "Dave Sergeant"


On 1 Sep 2011 at 13:25, David H. Lipman wrote:


I have analyzed obfuscated Javascripts and viewed deobfuscated
Javascripts that uses a laundry list of vulnerabilities and software
versions in the vulnerability/exploitation attack vector.


What on earth has javascript to do with this issue? This is a JAVA
issue. Any vulnerabilities in javascript only affect javascript, which
is a totally different kettle of fish and doesn't even form part of LO.

I remain puzzled by this thread. I have Java 1.6.0.26 installed and
that works just fine with LO 3.4.3 on Windows XP SP3. The suggestion to
deliberately install old potentially insecure versions of Java is very
bad advice, not to mention the copyright infringements of hosting it on
personal web space.


I'm sorry if this subject matter escapes you.

What I have tried to do is to explain the perils of using older versions of 
Oracle Java.
In this thread I have I tried to relate how using an older version can 
compromise your PC.

In short...
When you install an older version of JRE that version is made available via a 
Browser
Helper Object or Browser Plug-In to Internet Browsers.  When you visit a 
malicious website
(or get redirected to a malicious web site by something like a hidden IFrame) 
that
malicious web site can use exploit code to compromise one's computer.  Usually 
the exploit
code is in the form of an obfuscated Javascript and will use a laundry list of 
exploits
seeking out vulnerable software (such as JRE) and particular vulnerable 
versions.





--

***
*


--
For unsubscribe instructions e-mail to: users+h...@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted

[libreoffice-users] Re: JRE older installs - Windows - nowonline - no need for Oracleaccount

2011-09-02 Thread David H. Lipman 
From: "Dave Sergeant" 

> On 1 Sep 2011 at 13:25, David H. Lipman wrote:
>
>> I have analyzed obfuscated Javascripts and viewed deobfuscated
>> Javascripts that uses a laundry list of vulnerabilities and software
>> versions in the vulnerability/exploitation attack vector.
>>
>
> What on earth has javascript to do with this issue? This is a JAVA
> issue. Any vulnerabilities in javascript only affect javascript, which
> is a totally different kettle of fish and doesn't even form part of LO.
>
> I remain puzzled by this thread. I have Java 1.6.0.26 installed and
> that works just fine with LO 3.4.3 on Windows XP SP3. The suggestion to
> deliberately install old potentially insecure versions of Java is very
> bad advice, not to mention the copyright infringements of hosting it on
> personal web space.
>

I'm sorry if this subject matter escapes you.

What I have tried to do is to explain the perils of using older versions of 
Oracle Java. 
In this thread I have I tried to relate how using an older version can 
compromise your PC.

In short...
When you install an older version of JRE that version is made available via a 
Browser 
Helper Object or Browser Plug-In to Internet Browsers.  When you visit a 
malicious website 
(or get redirected to a malicious web site by something like a hidden IFrame) 
that 
malicious web site can use exploit code to compromise one's computer.  Usually 
the exploit 
code is in the form of an obfuscated Javascript and will use a laundry list of 
exploits 
seeking out vulnerable software (such as JRE) and particular vulnerable 
versions.



-- 
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp 




-- 
For unsubscribe instructions e-mail to: users+h...@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted