Re: [Fed-Talk] Fed-talk Digest, Vol 10, Issue 183
- Subject: Re: [Fed-Talk] Fed-talk Digest, Vol 10, Issue 183
- From: "Coradeschi, Thomas J CIV USARMY PEO AMMO (US)" <email@hidden>
- Date: Thu, 17 Oct 2013 05:46:15 +0000
- Thread-topic: [Fed-Talk] Fed-talk Digest, Vol 10, Issue 183
Actually, Excel was always Excel. Microsoft did have a program called Multiplan, but it never for CP/M and MS-DOS only. I kinda doubt that Multiplan for CP/M and/or DOS shared any code base with the initial release of Excel for Mac...
Thomas Coradeschi
Chief, Systems Engineering & Technology Integration Div
PM Maneuver Ammunition Systems
NIPR: email@hidden SIPR: email@hidden
973-724-4344 (ofc) 862-251-3089 (cell)
-----Original Message-----
From: fed-talk-bounces+thomas.j.coradeschi.civ=email@hidden [mailto:fed-talk-bounces+thomas.j.coradeschi.civ=email@hidden] On Behalf Of David Emery
Sent: Wednesday, October 16, 2013 4:49 PM
To: Blumenthal, Uri - 0558 - MITLL
Cc: email@hidden
Subject: Re: [Fed-Talk] Fed-talk Digest, Vol 10, Issue 183
Is PDF the attack vector, or is Adobe Acrobat? I don't run Adobe Acrobat on my Mac, Preview.app does a great job with PDFs (and I don't remember any CERT advisory against it.) Adobe is the new Microsoft, with respect to vulnerabilities and arrogance associated with them. MS has done a very good job over the last 5-10 years tightening up their codebase.
It would be A Good Thing if DOD actually lived up to its Open Standards/Open Systems policies and adopted office automation formats that are standards and that have undergone appropriate review against vulnerabilities as "cargo." With respect to word processing, I know people whose preferred format for document exchange is RTF. The problem with RTF is there's no good definition (i.e. "standard"), but its simple mark-up is good for about 99% of what we need for documents.
On a related topic, I think embedded documents in MS Office products are inherently evil, as well as buggy.
But part of the problem in your list is confusing server with client/desktop. ASP is a server-side mechanism. So is JSP. Securing servers is a different proposition (in terms of investment, expertise, number of systems, etc, etc) than securing desktops. I'm no fan of 'thin clients' in the tactical world (you lose control over bandwidth), but I do see the advantage for systems that operate on "advantaged" transport (e.g. LANs with fiber connections to the rest of the Internet.)
And I'm definitely old enough to remember computing before Microsoft Office. I still prefer mark-up languages over WYSIWYG word processors, with a strong preference for Scribe's syntax and dual-inheritance semantics. MacDraw worked great for doing presentations, and Excel was originally the Mac application Multi-Mate.
With respect to "function[ing] in a modern office," all I can say is I've done pretty well over the last 35 years. More significantly, for the last 28 of those (excepting 1 year in the Pentagon in 1999-2000) I've done all my office automation work on Macs.
dave
On Oct 16, 2013, at 16:24 , "Blumenthal, Uri - 0558 - MITLL" <email@hidden> wrote:
> On 10/16/13 16:06 , "David Emery" <email@hidden> wrote:
>
>> I don't disagree with you on JavaScript, but I think Flash is a lot worse
>> :-)
>
> Hmm, now I have to agree with you... What's going on? :-)
>
>> But you've captured my logic: An application that is a common attack
>> vector should be avoided, and it's certainly not something I'd include in
>> my (informal) Trusted Computing Base.
>
> Great! Let's get rid of PDF (huge attack vector), of all the MS Office
> applications and formats (after all, the [in]famous RSA attack was
> delivered in an XLSX file), image files (yes, they are vectors, believe it or
> not), Javascript, ASP, etc... Oh, and of Java - but of course... You'd be
> 100% unable to function in a modern office (unless you're its sole
> occupant, employee and boss) - but what does that matter when you've
> eliminated a few of the common attack vectors...?
>
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden