D. Hugh Redelmeier wrote:
> | However, the OpenOffice.org community repeats the consistent message from
> | security experts that users should never accept files from unknown
> | sources.
>
> That is silly advice.

Not really. I think the wording should be modified to read "never accept or open files unless they are coming from a trusted source". Where "trusted" means you know the person who sent you the file and you know it came from that person.

> 1. dangerous things can come (or appear to come) from known sources.

Only if the recipient is careless. If you get an email from someone that you know but it is forged you should be able to detect by the content of the message if it was indeed sent by that person. All I know is that if someone I know appears to have sent me an email with an attachment and a quick message saying "Hey, check this out." my guard would be raised immediately and I'd verify before opening. If they wrote more than "Hey, check this out." I'm confident the bogus sender would not be able to mimic the sender I know.

I also know that I rarely open attachments from certain folks that I do know and do trust since the attachments they send are forwarded from untrusted sources. But, since I know the person, I trust they are careless. :-)

> 2. it is common practice to share files and there are good reasons to
> do so. (This is more useful than any macro capability.)

I don't think that has much to do with the advice given.

> It would appear that the advice is only given to attempt to duck
> responsibility.

Not really. It is more of an admission that software cannot be trusted to be 100% bug free and the brains behind the keyboard should be exercised from time to time.

> The right fix is to the macro feature of Open Office.

Find a bug, fix the bug.

> I seem to remember that this kind of vulnerability was observed and
> eliminated from troff over 20 years ago.
>

--
The surest protection against temptation is cowardice.
-- Mark Twain