Bruno Wolff III wrote: > On Tue, May 29, 2007 at 07:33:04 +0800, > Ed Greshko <Ed.Greshko@xxxxxxxxxxx> wrote: >> D. Hugh Redelmeier wrote: >> >>> | However, the OpenOffice.org community repeats the consistent message from >>> | security experts that users should never accept files from unknown >>> | sources. >>> >>> That is silly advice. >> Not really. I think the wording should be modified to read "never accept or >> open files unless they are coming from a trusted source". Where "trusted" >> means you know the person who sent you the file and you know it came from >> that person. > > And how do you tell that? Viruses pretend to be sent by people you know > as one of their tricks for replication. Are you suggesting you call someone > back on the phone (or email) to confirm every document that was sent to you? Of course not.... But I explain below that as a human being I can detect if a message being sent from someone I know is being masked. As an example. Please send me an email and pretend to be "Donald C Jensen" and I'll bet you I'll detect it every time. >>> 1. dangerous things can come (or appear to come) from known sources. >> Only if the recipient is careless. If you get an email from someone that >> you know but it is forged you should be able to detect by the content of the >> message if it was indeed sent by that person. > > And how do you propose to do that? Have a secret nonstandard handshake > that you use with every correspondant? Viruses are capable of send email > from a person's normal email account and attaching themselves to a generic > text message. While these should raise suspicion, for many people these > seem fairly normal. Yes, if I care to...and it won't be non-standard. I can digitally sign my emails as well as digitally signing all documents. Check out the security features of macros under OO. >> All I know is that if someone I know appears to have sent me an email with >> an attachment and a quick message saying "Hey, check this out." my guard >> would be raised immediately and I'd verify before opening. If they wrote >> more than "Hey, check this out." I'm confident the bogus sender would not be >> able to mimic the sender I know. > > Perhaps. Right now they are picking up the low hanging fruit. If viruses > start looking at saved email messages they might be able to do significantly > better. What saved email messages would they look at? >> I also know that I rarely open attachments from certain folks that I do know >> and do trust since the attachments they send are forwarded from untrusted >> sources. But, since I know the person, I trust they are careless. :-) > > I prefer to trust that mail document viewer isn't going to screw me over. > Once upon a time this kind of misfeature was considered a bug. Though > some unix based document viewers have had these misfeatures in the past (e.g. > tex/latex and vi). I prefer to trust my instincts. -- When you have an efficient government, you have a dictatorship. -- Harry Truman
