OpenOffice 3.2 fixes several vulnerabilities

Facebook boosts application privacy controls

OpenOffice 3.2 fixes several vulnerabilities

By Jeremy Kirk
www.itnews.com (IDG News Service)
February 17, 2010

The latest version of OpenOffice fixes several vulnerabilities that could cause a computer to become compromised by a remote attacker.

OpenOffice.org has issued version 3.2, which adds a lengthy list of new features and improves the suite's overall performance while also fixing six vulnerabilities.

Three of those problems could allow a remote attacker to execute code. In one of those cases, a malicious XPM file -- a type of image format supported by ODF (OpenDocument Format) -- could be maliciously crafted and allow remote user to execute other code on the computer with the same privileges as the local user.

The suite had a similar vulnerability involving the GIF image format, which has also been fixed. The third vulnerability could allow an attacker to take over a PC by getting a user to open a maliciously crafted Microsoft Word document. All three of those vulnerabilities affect all versions of OpenOffice.org prior to version 3.2.

Hackers increasingly look for these three kinds of vulnerabilities, since users can be targeted by e-mail, and various social engineering tricks can be employed to try to get them to open a document. The latest version can be downloaded from OpenOffice.org.

http://www.itnews.com/exploits-vulnerabilities/14456/openoffice-32-fixes-several-vulnerabilities

Our Partners

◄ back to news listing

Facebook boosts application privacy controls

By JJuan Carlos Perez
www.itnews.com (IDG News Service)
February 17, 2010

Facebook has made it possible for its members to assign, on the fly, a wider variety of access levels to content they post using third-party applications and Web sites, the company said Wednesday.

Previously, members chose a default privacy setting for content shared via applications, and that setting was then applied across the board to this type of post going forward.

While this default setting remains, members now have the option to apply a different access setting to each thing they post through an application or Web site, on a case-by-case basis, according to Facebook.

For example, when using an application that lets members post greeting cards, members can now handpick on whose friends' Walls they want a particular card to appear.

The more granular access controls apply to third-party applications, external Web sites linked to Facebook via the Connect system and Facebook's mobile version. Some client software that lets members perform Facebook actions, such as Seesmic, is also incorporating the new access levels.

This change is consistent with a similar move Facebook made previously to let members assign different privacy settings to every post they make using the site's core features.

The access controls include options such as "everyone," which makes a post visible to all Facebook members, "friends of friends" and "friends."

Social-networking privacy, always a hot topic, has been in the spotlight in the past week due to an outcry over Google's Buzz social feature for Gmail.

Buzz initially created an automatic list of friends for users based on the people they interact with the most via Gmail and Google Talk. It made that list public by default on the user's Google Profile. Google has since apologized and modified Buzz to address the privacy concerns.

Facebook got hit recently with a class-action lawsuit over the modifications it made late last year to its privacy settings, which included making some profile information public that previously could be kept hidden.