Re: Advice on doc format to see for review to securityfolks

[Kevin Shaw <kevin.lee.shaw () gmail com>]

Is the document viewer on (most) Linux distributions any safer? I wouldn't
recommend an OS change to customers, I'm just curious.

My tactic with these problems is to emphasize user education and safer
browsing as well as 'vetting' from where they're getting documents. I also
encourage digital signatures and "workflow" style document control if the
environment has that many documents especially PDFs.
On Nov 16, 2010 12:32 PM, "Butturini, Russell" <
Russell.Butturini () healthways com> wrote:
> Yeah me too...I take no shame in being 0wned by the great Irongeek! :-)
>
> -----Original Message-----
> From: pauldotcom-bounces () mail pauldotcom com [mailto:
pauldotcom-bounces () mail pauldotcom com] On Behalf Of d4ncingd4n () gmail com
> Sent: Tuesday, November 16, 2010 9:44 AM
> To: PaulDotCom Security Weekly Mailing List
> Subject: Re: [Pauldotcom] Advice on doc format to see for review to
securityfolks
> Use whatever format you like (except silverlight <grin>) I am fairly
paranoid and open documents in different "trust zones" regardless of who
sends it. I have gotten pwned in the past by people I trusted not because of
them being untrustworthy but because they were pwned also. I just assume
anything can be infected now. Also, you can still be a victim of goatse in
ASCII. ;)
> Anytime you want someone to review something let me know. If I don't have
other pending commitments, I'll look it over.
> Bart
>
>
> Sent from my Verizon Wireless BlackBerry
>
> -----Original Message-----
> From: Adrian Crenshaw <irongeek () irongeek com>
> Sender: pauldotcom-bounces () mail pauldotcom com
> Date: Tue, 16 Nov 2010 09:09:14
> To: PaulDotCom Security Weekly Mailing List<pauldotcom () mail pauldotcom com
>
> Reply-To: PaulDotCom Security Weekly Mailing List
> <pauldotcom () mail pauldotcom com>
> Subject: [Pauldotcom] Advice on doc format to see for review to security
> folks
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom () mail pauldotcom com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom () mail pauldotcom com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
******************************************************************************
> This email contains confidential and proprietary information and is not to
be used or disclosed to anyone other than the named recipient of this email,

> and is to be used only for the intended purpose of this communication.
******************************************************************************
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom () mail pauldotcom com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com