Not so fast there Sparky (to Dennis). Those two updates are apparently for 2010 patches to the EOT code. I get repeated requests to install them, over and over again. I don't know if it was my running the Fixit workaround or not, but I have blocked the two updates from installing any longer.
- Dennis -----Original Message----- From: Tom Davies [mailto:tomdavie...@yahoo.co.uk] Sent: Sunday, November 06, 2011 16:55 To: users@global.libreoffice.org Subject: RE: [libreoffice-users] Re: MS font exploit Hi :) Thanks Dennis. :) I know i am pretty safe at home. A targeted attack could probably compromise me fairly easily but i am pretty safe from drive-by and casual attacks. Reinstalling an OS is no big deal either. The main place i worry about uses mostly Xp machines and tomorrow is a good day for me to get access to all but 2 of the machines. Regards from Tom :) --- On Sun, 6/11/11, Dennis E. Hamilton <dennis.hamil...@acm.org> wrote: > From: Dennis E. Hamilton <dennis.hamil...@acm.org> > Subject: RE: [libreoffice-users] Re: MS font exploit > To: users@global.libreoffice.org > Date: Sunday, 6 November, 2011, 23:45 > Take heart: I just received an update > and install notice for two patches concerning TrueType fonts > on my Windows XP SP3 Tablet PC. I don't know whether > there are more coming. I don't see anything for Vista > or Windows 7 yet. Stay tuned. > > If you are running Windows XP, it might be a good time to > check for updates. > > - Dennis > > Tom, > > The security issue is not about a virus or the ways a virus > is spread. > > It is certainly about the prospect of a machine being > compromised and used as part of a zombie army or > whatever. The compromise could also be used to > compromise security on the machine that is successfully > attacked. > > I wouldn't say that LO is safe. Any application that > allows selection of TTF fonts and that uses Windows to > render fonts on the display and for printing might be > vulnerable -- all of the attack routes have not been > disclosed. But as someone else commented, the > vulnerability is in Windows. Also, the malicious fonts > need to be installed or accessed somehow. The embedded > case that had a workaround is presumably but one of the > attack entries. > > > - Dennis > > -----Original Message----- > From: Tom [mailto:tomdavie...@yahoo.co.uk] > > Sent: Saturday, November 05, 2011 11:20 > To: users@global.libreoffice.org > Subject: [libreoffice-users] Re: MS font exploit > > Hi :) > That seems to list all the supported versions/distros of > Windows but doesn't > included unsupported ones such as Win98. Does that > mean Win98 is safe or > just that they don't bother to look to see if it's > vulnerable? > > Tbh my interest suddenly dropped away when i found that LO > is safe even if > we read a doc file in it and creating doc files is still > safe too in LO. > I'm a little worried about the works machines especially > after the work i > have put in these last 2 weeks but if they suffer because > of using MS Office > then it might encourage them to move to LO and that would > be fine by me. > The problem would be if the machines got infected right > after me working on > updating everything and installing weird stuff such as > LO. > > If LO prevents the machine itself getting infected that is > one good thing > but if it inadvertently passes infections on then the wrong > people, ie LO > users, might start getting the blame for something that is > not their/our > fault. Of course they/we would also be passing it on > if we were using MS > Office but at least we would have had more warning about it > as our machines > got infected. Hmmm, this whole lack of security in MS > products really > creates a lot of weird blame issues. > > Regards from > Tom :) > > -- > View this message in context: > http://nabble.documentfoundation.org/MS-font-exploit-tp3481492p3483006.html > Sent from the Users mailing list archive at Nabble.com. > > -- > For unsubscribe instructions e-mail to: users+h...@global.libreoffice.org > Problems? > http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ > Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette > List archive: http://listarchives.libreoffice.org/global/users/ > All messages sent to this list will be publicly archived > and cannot be deleted > > > -- > For unsubscribe instructions e-mail to: users+h...@global.libreoffice.org > Problems? > http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ > Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette > List archive: http://listarchives.libreoffice.org/global/users/ > All messages sent to this list will be publicly archived > and cannot be deleted > -- For unsubscribe instructions e-mail to: users+h...@global.libreoffice.org Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette List archive: http://listarchives.libreoffice.org/global/users/ All messages sent to this list will be publicly archived and cannot be deleted -- For unsubscribe instructions e-mail to: users+h...@global.libreoffice.org Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette List archive: http://listarchives.libreoffice.org/global/users/ All messages sent to this list will be publicly archived and cannot be deleted