[ILUG] [Fwd: Sun StarOffice documents that "phone home" and other
interestingproblems]
Donncha O Caoimh
donncha.ocaoimh at tradesignals.com
Tue Sep 5 14:46:57 IST 2000
Usual spiel about how "Staroffice is now GPLed we'll be able to fix the
hole and add the warning mentioned below" of course applies..
Donncha.
-------- Original Message --------
From: Kurt Seifried <listuser at SEIFRIED.ORG>
Subject: Sun StarOffice documents that "phone home" and other
interestingproblems
To: BUGTRAQ at SECURITYFOCUS.COM
I'm surprised no-one has yet posted this to Bugtraq, so here goes.
StarOffice 5.2, downloaded from Sun. Simply insert a graphic, for
filename
give the URL. I simply used a gif from one of my websites, and watched
the
logfile while loading the document/etc.
HTML document: it phones home, no warning, not unexpected.
StarWriter document (version 5), it phones home, no warning.
StarSpreadsheet (name?), it phones home, no warning.
StarImpress (presentation ala powerpoint software), it phones home, no
warning.
Opening these documents in Linux, same results. The weirdest thing is
when I
ran strings on them I saw bits of data from other
What concerns me even more is this: under Windows I created a new
spreadsheet, inserted an image (http://blahblah), saved it and exited,
then
ran it through strings, and saw some data from an email I sent a while
ago.
WTF??? Closed outlook, tried it with starwriter, nothing, tried it again
with starcalc, wasn't able to recreate it...
Needless to say StarOffice raises some rather interesting issues, and
seems
to have some problems/glitches, if anyone can confirm this I would love
to
know. As for a warning dialog before downloading internet components
that
might be nice, something like:
"do you wish to retrieve
http://www.example.org/trackingimage-091919.gif?"
But I doubt Sun will add that in.
Kurt Seifried
SecurityPortal, your focal point for security on the net
http://www.securityportal.com/
More information about the ILUG
mailing list