Update on my Black Hat 2009 OOo Security comments
By user13342178 on Apr 30, 2009
I have to correct something that I just wrote in my Black Hat 2009 OOo Security comments.
My colleague who is working on the encryption stuff just pointed me to the fact that we have fixed the bug with macros in encrypted documents sometimes not being encrypted, but that we don't show the warning that I mentioned. The reason was (again) the compatibility thing.
I am really sorry for my false statement about this, and that the attack described in the paper (replacing encrypted macros with plain text macros) still works in OOo 3.0 and 3.1.
I will do my best to make sure that we change this in the upcoming OOo 3.2 version, and show the warning as promised...
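The mixed state this post describes, an encrypted document that carries plain text macros, can be detected from the package manifest. The following is an added example, not OOo code: it assumes the ODF package layout (a `manifest:file-entry` in `META-INF/manifest.xml` has a `manifest:encryption-data` child when encrypted, and Basic macros sit under `Basic/`); `plaintext_entries` and `build_sample` are hypothetical names and the sample package is constructed.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

NS = "urn:oasis:names:tc:opendocument:xmlns:manifest:1.0"


def plaintext_entries(package_bytes):
    """Return (all_plain, plain_macros) for a partly encrypted ODF package.

    Both lists are empty when no entry is encrypted, because an
    unencrypted document has nothing to mix.
    """
    with zipfile.ZipFile(io.BytesIO(package_bytes)) as zf:
        # stdlib parser: enforce size limits before using it on untrusted files
        root = ET.fromstring(zf.read("META-INF/manifest.xml"))
    encrypted, plain = [], []
    for entry in root.iter(f"{{{NS}}}file-entry"):
        path = entry.get(f"{{{NS}}}full-path", "")
        if not path or path.endswith("/"):
            continue  # directory entries carry no encryption data
        if entry.find(f"{{{NS}}}encryption-data") is not None:
            encrypted.append(path)
        else:
            plain.append(path)
    if not encrypted:
        return [], []
    return plain, [p for p in plain if p.startswith("Basic/")]


def build_sample(macro_encrypted):
    """Constructed package: content.xml encrypted, one Basic macro module."""
    enc = "<manifest:encryption-data/>"  # placeholder, real entries carry key data

    def entry(path, encrypted):
        return (f'<manifest:file-entry manifest:full-path="{path}">'
                f'{enc if encrypted else ""}</manifest:file-entry>')

    manifest = (f'<manifest:manifest xmlns:manifest="{NS}">'
                + entry("/", False) + entry("content.xml", True)
                + entry("Basic/Standard/Module1.xml", macro_encrypted)
                + "</manifest:manifest>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/manifest.xml", manifest)
    return buf.getvalue()


if __name__ == "__main__":
    print(plaintext_entries(build_sample(macro_encrypted=False)))
```

A non-empty second list is the condition the promised warning would report: the document is encrypted, but at least one macro stream in it is not.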