Quick update, OpenOffice now ships with macro security set for 'High' so that "Only signed macros from trusted sources are allowed to run. Unsigned macros are disabled". By going to Tools -> Options -> OpenOffice.org -> Security -> Macro Security You can also set the security level to 'Very High' so that "Only Macros from trusted file locations are allowed to run. All other macros, regardless whether signed or not, are disabled." So if you are concerned with these articles, use OpenOffice.
Listening to CBC's Search Engine Podcast I was reminded again of how much our perceptions of security have changed and how much organizations and activists need to do to be mindful of the people they are working to support. For those folks who missed the news on this item, the office of the Dalai Lama brought in the Munk Centre for International Studies' Citizen Lab to investigate some issues they were having with their computers. Turns out that an Microsoft Word document containing a Trojan horse that allowed the attacker to list and access any documents available to their computer (including on their networks), any keystrokes made on that computer and even allowed the attacker to turn on the victim's webcam and see/hear their conversations. This large-scale cyber spying operation was given the name GhostNet.
Now this has been possible for a long time, in fact the code for the Trojan horse that was used can be downloaded from the Internet and manipulated by hackers for all kinds of purposes. What's new is that the folks from the Citizen Lab were able to backtrack and access the control server that was directing these hacks. They were also able to identify that the attackers seemed to have a political target as this Trojan horse was distributed through crafted email and attachment concerning Tibet. Now given that the control server was hosted in China, that the interface was written in Chinese and that China has a strong interest in monitoring activists concerned about their occupation of Tibet, it is most likely that Chinese intelligence is behind this. This is a concern, but not my main one.


OpenConcept built the 

