OpenOffice / OpenDocument and MS Office 2007 / Open XML security

Interesting paper from the PacSec 2006 security conference: OpenOffice / OpenDocument and MS Office 2007 / Open XML security (PDF)

Not too surprising when you come to think of it: there are tons of possibilities to embed various kinds of malware in the new office document formats. Also, you always have the risk of leaving sensitive metadata in there... If you publish stuff, you'd better convert to PDF first. But even that might leave sensitive data in the PDF, mind you!

Oh, and one nice detail you might enjoy:

  • OpenDocument specification: 700 pages
  • Microsoft's Open XML specification (final draft): 6036 pages!

And that doesn't even describe all of the format (e.g. VBA macros are missing)! No further comment required...

Five things I plan to do in 2007

This is sort of a New Year's resolution... In no particular order:

  1. Write a book.
  2. Learn at least one new programming language.
  3. Donate money to (or become a member of) either the EFF, the FSF, the CCC, or another similarly important organization.
  4. Make use of my rights as a citizen and write letters to elected politicians, urging them to promote certain topics/issues/laws (privacy, democracy, transparency) and to combat others (software patents, voting computers, data retention, mass surveillance and lots more come to mind).
  5. Work on and support selected Free Software projects in my spare time, especially projects which are of a greater importance to the Free Software movement (or the Free Culture movement; or freedom; or privacy; or anonymity; or democracy) than the 158th IRC client or the 276th Tetris clone. Some examples: LinuxBIOS, Nouveau, Tor, Gnash, and Democracy Player to name just a few projects. General motto: Choose your battles!

Oh, and one more thing: Do the most important duty as a citizen of any democratic country — help to save democracy by killing voting computers.

Yeah, so that makes six things I plan to do in 2007. Sue me.

23C3 - Day 2, 3, 4

A bit late, but here are some more random notes from 23C3:

  • I didn't see much of the surrounding programs, workshops, projects etc. of the congress, as I was attending tons of lectures all day long. Most of the time I was even recording a lecture from a different room via DVB-T (for later viewing) while watching a "live" lecture in the room where I was sitting with my laptop.
  • I met some LinuxBIOS people at the congress (no hacking, though). However, Peter Stuge did a nice 5 minute presentation on LinuxBIOS in one of the Lightning Talks sessions. A video should be available soon.
  • Like ca. 1000 other people, I bought some of the Sputnik active 2.4GHz RFID tags for tracking and hacking purposes. There's some data mining going on using the data collected during the 4 days of the congress. This is an experiment to demonstrate the possibilities of tracking and surveillance with today's technology in order to hopefully make the people (and politicians) more aware of the associated threats and risks... Btw, the hardware is licensed under a Creative Commons license, the software is GPL'd, so feel free to contribute!
  • I barely slept 2 hours a day during the whole conference, so I needed lots of time for recreation afterwards... But it was very well worth it!

23C3 - Day 1

Some observations while on an 8 hour (night) train ride to the 23rd Chaos Communication Congress (23C3) in Berlin:

  • DVB-T doesn't really work exceptionally well in a train that's moving at 200-300 km/h.
  • I had almost no GPS signal in the train either, not sure why. The speed should not be a problem as GPS is supposed to work at high speeds (unlike DVB-T). I intended to create a nice visualization of all wireless networks on the way to Berlin (using Kismet and GPSDrive), but... well, without GPS data that's not too funny.
  • They have coffee in the train! Not exactly cheap, but it's there.
  • Having a ticket for waggon 23 of the train is somewhat... fitting.

There's a lot of press coverage about the congress already, so I won't repeat all of that here. Just let me tell you that there's a tremendous amount of great lectures, many of which I have attended (and they're also streamed on the web, as well as broadcast via DVB-T locally here in Berlin, which is great!).

Donations for a good cause

You still got some money left after buying all those Christmas presents? How about donating some of it for a good cause:

  • Wikipedia

    Wikipedia is entering 2007 as one of the 10 most visited websites in the world. That's a great proof of our success. However, with this success comes a new set of challenges and responsibilities. As we plan for the future of Wikipedia and all of the Wikimedia projects, our two most important goals now are the reliability of our content and the long-term sustainability of every project in which we are involved.

    To meet these goals we have a lot of work to do, so I am asking for your help. In the coming year, the Wikimedia Foundation anticipates dramatically increasing spending to keep up with server and traffic capacity demands, add new staff on the organizational level, improve our software and develop methods to better ensure high quality content, all while making progress toward our goal of giving free knowledge to everyone.

    -- Florence Devouard, Chair of the Wikimedia Foundation

  • Creative Commons

    It's once again time to show your support for Creative Commons. Digital technologies are connecting people in ways that were never before possible – but that network is fragile. Creative Commons needs your support to help enable a participatory culture – a culture in which everyone can actively engage in the creativity that surrounds us. We need your support to assure access to cultural, scientific, and educational content that has been pre-cleared for use by its authors.

  • Free Software Foundation (FSF)

    Freedom is more precious than anything else we have and we need to protect it while we still can.

    -- Eben Moglen in his FSF year end video appeal (OGG, 24 MB)

  • Electronic Frontier Foundation (EFF)

    EFF is a nonprofit group of passionate people — lawyers, technologists, volunteers, and visionaries — working to protect your digital rights.

  • Tor: anonymity online

    Tor is a toolset for a wide range of organizations and people that want to improve their safety and security on the Internet. Using Tor can help you anonymize web browsing and publishing, instant messaging, IRC, SSH, and other applications that use the TCP protocol. Tor also provides a platform on which software developers can build new applications with built-in anonymity, safety, and privacy features.

Or how about some organizations not directly related to Free Culture or Free Software?

  • Amnesty International (AI)

    Amnesty International (AI) is a worldwide movement of people who campaign for internationally recognized human rights. AI’s vision is of a world in which every person enjoys all of the human rights enshrined in the Universal Declaration of Human Rights and other international human rights standards.

  • Red Cross

    The International Red Cross (and Red Crescent Movement) is an international humanitarian movement whose stated mission is to protect human life and health, to ensure respect for the human being, and to prevent and alleviate human suffering, without any discrimination based on nationality, race, religious beliefs, class or political opinions.
