ATTENTION: You are viewing a page formatted for mobile devices; to view the full web page, click HERE.

Main Area and Open Discussion > General Software Discussion

Microsoft Word under attack. Don't open RTF files!

<< < (3/4) > >>

TaoPhoenix:
Looks like all of them to me...although one mitigation they didn't clarify is that of you set the .rtf association to WordPad, you're ok (or at least appear to be so far..).
-Stoic Joker (March 25, 2014, 05:15 PM)
--- End quote ---

Or LibreOffice/Notepad2/KingsoftWriter/other?

I only use rtf files when I am being utterly lazy because plain txt doesn't want to capture fonts. The rest of the time I guess I use 2003 style .doc (LibreOffice I am looking at you, quit burying it in the settings!)

In a silly other note it's amusing no one has yet (that I know of) made a Botnet Detector game.
"Your machine has been Pwned. What do you want to do?

A. Send 1.6 million emails
B. Participate in a DDOS
C. Play Minefield like it is 1997
"

Stoic Joker:
Looks like all of them to me...although one mitigation they didn't clarify is that of you set the .rtf association to WordPad, you're ok (or at least appear to be so far..).
-Stoic Joker (March 25, 2014, 05:15 PM)
--- End quote ---

Or LibreOffice/Notepad2/KingsoftWriter/other? -TaoPhoenix (March 25, 2014, 09:20 PM)
--- End quote ---

True, but I'm looking at/for something that is lite, fast, and native. WordPad is already there by default and quick enough, which is why I use it and .rtf for all the server documentation on our cloud system ... As there is no way in hell I'm installing Office on any of the host servers. :)

apankrat:
Public service announcement

If you have to use Word or open RTF emails in Outlook, install EMET and enable it for both apps. In fact, it's generally not a bad idea to keep EMET enabled for your email client, your browser and the flash player *at all times*. Doing so plugs quite a few attack vectors and helps mitigating zero-days.

40hz:
As there is no way in hell I'm installing Office on any of the host servers.
-Stoic Joker (March 25, 2014, 10:21 PM)
--- End quote ---

 ;D I sure hope not!  In any IT department worthy of the name, doing so would be an awfully creative way to "tender one's resignation" wouldn't it? 8)

Shades:
Ooops. Then I am in trouble.

In my defense: I need to send and receive encrypted mail in 3rd party software for (very) specific B2B traffic. This is actually the law in the Netherlands (participants in this traffic have to comply, else they can expect heavy fines or even exclusion which means bankruptcy).

Unfortunately that requires extended MAPI(this is by Microsoft design) which is only supported in Outlook, which requires me to do a (partial) Office installation on a server.

But I do recognize the irony in this. To be able to communicate securely I need to install software known to be insecure and destabilizing a Windows installation.

Navigation

[0] Message Index

[#] Next page

[*] Previous page

Go to full version