Re: Press reports regarding "SB/BadBunny-A" virus



D. Hugh Redelmeier wrote:

| However, the OpenOffice.org community repeats the consistent message from
| security experts that users should never accept files from unknown
| sources.

That is silly advice.

Not really. I think the wording should be modified to read "never accept or
open files unless they are coming from a trusted source". Where "trusted"
means you know the person who sent you the file and you know it came from
that person.

1. dangerous things can come (or appear to come) from known sources.

Only if the recipient is careless. If you get an email from someone that
you know but it is forged you should be able to detect by the content of the
message if it was indeed sent by that person.

All I know is that if someone I know appears to have sent me an email with
an attachment and a quick message saying "Hey, check this out." my guard
would be raised immediately and I'd verify before opening. If they wrote
more than "Hey, check this out." I'm confident the bogus sender would not be
able to mimic the sender I know.

I also know that I rarely open attachments from certain folks that I do know
and do trust since the attachments they send are forwarded from untrusted
sources. But, since I know the person, I trust they are careless. :-)

2. it is common practice to share files and there are good reasons to
do so. (This is more useful than any macro capability.)

I don't think that has much to do with the advice given.

It would appear that the advice is only given to attempt to duck
responsibility.

Not really. It is more of an admission that software cannot be trusted to
be 100% bug free and the brains behind the keyboard should be exercised from
time to time.

The right fix is to the macro feature of Open Office.

Find a bug, fix the bug.

I seem to remember that this kind of vulnerability was observed and
eliminated from troff over 20 years ago.



--
The surest protection against temptation is cowardice.
-- Mark Twain

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list


