All | | Accessibility | Personal | Security | Sun & OpenOffice.org

Main | Next month (Jul 2006) »
20060731 Monday July 31, 2006

OpenOffice.org Conference 2006

The schedule for the OpenOffice.org Conference (OOoCon) is now available on http://marketing.openoffice.org/ooocon2006/schedule.html.

The conference will be in Lyon (France), the general sessions take place September Tuesday 12th and Wednesday 13th.

There are a bunch of ODF sessions on Wednesday
http://marketing.openoffice.org/ooocon2006/schedule/odf_abstracts.html

My session about OOo and ODF Accessibility is scheduled for 3pm.
Directly after my presentation is the coffee break, so if you want to meet me for some discussions, just contact me after my presentation.

Posted by Malte Timmermann ( Jul 31 2006, 12:28:52 PM CEST ) Permalink Comments [0]

 

20060724 Monday July 24, 2006

French department of defense damns OpenOffice.org?

You may have read that French article on ZDNet:
http://www.zdnet.fr/actualites/informatique/0,39040745,39362096,00.htm

Something like a translation of this can be found here:
http://arstechnica.com/news.ars/post/20060718-7288.html

First thing to notice is that the article is not speaking in the name of the French department of defense. There should be some clarification soon.

Last week, I and some colleagues here in Hamburg had the opportunity to speak with Mr. Filiol, who is working on the internal security study about OpenOffice.org.

We talked about 3 different issues, but I can't talk about all details here.

One of the issues is simply a bug which we should fix soon. But it is not really a security issue, but more about how users trust certain kind of documents.

An other issue was about how our trust in installed macros might ease viral effects, and we talked about some interesting options here.

The last point was about integrity checks for documents, which can also give users some more security.

All together, I must say that it was really a good call, and that Mr. Filiol and his organization are really in favor of open source software. They like our short response time, which they probably won't have in some commercial products.

Posted by Malte Timmermann ( Jul 24 2006, 09:28:41 AM CEST ) Permalink Comments [2]

 

20060713 Thursday July 13, 2006

OpenDocument Format is a truly open standard

Seems some people where unsure if ODF is really free, or if they would run into licensing and patent problems when implementing ODF in their applications.

The Software Freedom Law Center has researched the issue and has now published an opinion assuring developers that there are no legal barriers to using ODF.

Read the full story here:

http://www.softwarefreedom.org/news.html

Posted by Malte Timmermann ( Jul 13 2006, 01:27:49 PM CEST ) Permalink Comments [0]

 

20060710 Monday July 10, 2006

StarOffice, OpenOffice.org and Accessibility

It happens very often that people think they can't use StarOffice or OpenOffice.org because they need Assistive Technology (AT).

This is not true!

StarOffice or OpenOffice.org have a lot of built-in support for Assistive Technology.

The UNO Accessibility API (UAA) delivers all information that AT needs.
Currently no AT has built-in support for UAA, but the UAA is bridged to Java Accessibility, so every AT that supports Java Accessibility also supports StarOffice and OpenOffice.org automatically.

So if you re unsure if StarOffice or OpenOffice.org works with your AT, just download OpenOffice.org for free, and give it a try!

Some configuration hints can be found on http://openoffice.org/access.

Posted by Malte Timmermann ( Jul 10 2006, 09:31:06 AM CEST ) Permalink Comments [0]

 

20060704 Tuesday July 04, 2006

About the just fixed OpenOffice.org File Format Vulnerability

While the Macro and the Java Applet vulnerabilities where found by some Sun security audits, the File Format Vulnerability was reported from NGS Software Ltd.

They reported it to the OpenOffice.org Security Team, and didn't publicly disclose the vulnerability before we where able to provide updates with fixes for this issue.
Thanks for that!

This was also the first security issue handled completely by the OpenOffice.org Security Team.
Security People from Sun and from different Linux distributions are member of the Security Team. After we received the report, all of them investigated into that for different OpenOffice.org and StarOffice versions.
And this was really good, because in the first step I thought the problem was already fixed in latest OOo builds.
But it wasn't - it was just hidden from a new memory manager implementation.
The buffer overflow still existed, but OOo didn't crash with the new memory manager.

Good to have this great OpenOffice.org Security Team :)

Posted by Malte Timmermann ( Jul 04 2006, 08:47:58 AM CEST ) Permalink Comments [0]

 

20060703 Monday July 03, 2006

About the latest StarOffice and OpenOffice.org security vulnerabilities

By now you might have seen Sun's and OpenOffice.org's security alerts.

I just wanted to tell you that this is not “stardust” or “starbugs”.
These two where not able to bypass any security checks.

But the appearance of 'intended' viruses for StarOffice and OpenOffice.org caused some Sun security specialists to do deeper security audits.

In the end, they found the two issues with Macros and with Java Applets.

The way how they tricked StarOffice with macros was really interesting for us...

An other thing that we have learned from stardust and starbugs:

The security holes are fixed now, but people might still execute unknown macros, because they ignore all warnings.

I hope AV vendors will implement better support for ODF files soon, so these people are better protected, at least against known malicious macros.

Posted by Malte Timmermann ( Jul 03 2006, 02:07:47 PM CEST ) Permalink Comments [1]

 
Archives
« July 2006 »
SunMonTueWedThuFriSat
      
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
     
Today

XML


Links

New Entry   Logout