Friend
Professional
- Messages
- 2,671
- Reaction score
- 1,104
- Points
- 113
Germany declares war on vulnerabilities in office software.
The German Federal Office for Information Technology Security (BSI) has introduced new measures to improve the security of the popular LibreOffice office suite. In light of the growing cyber attacks on office software, BSI has initiated a project aimed at protecting users of this free software.
Office applications such as text editors, spreadsheets, and presentation programs are widely used both in the corporate environment and among private users. Because of their prevalence and vulnerabilities, they are often targeted by attackers. For example, hackers can use outdated instances of office applications to exploit security flaws, run malicious macros embedded in documents, and so on.
Since Germany has been trying to completely switch to free and open source software in recent years, most government agencies in the country use the LibreOffice office suite.
The project, which was launched in September 2023, has made significant security improvements to LibreOffice. One of the key innovations was the forced configuration of automatic updates, which ensures prompt installation of all important security patches.
To further improve security, LibreOffice has disabled all insecure network protocols such as HTTP, SMTP, and FTP, as well as functions with active elements, including DDE commands, macros, LibreLogo scripts, and OLE objects. In addition, access to expert settings has been restricted, which will avoid accidental (or possibly intentional) changes to critical parameters.
The project also includes the introduction of modern document encryption algorithms, which significantly improves the security of information storage and exchange. In addition, during the work, the possibility of using large language models (LLMs) for code analysis was tested, which can become an additional tool for ensuring security in the future.
In the era of digitalization, the protection of information systems is becoming not just a technical task, but an essential element of national security. Initiatives to strengthen cybersecurity demonstrate that States are aware of their responsibility to create a secure digital environment for citizens and organizations.
Source
The German Federal Office for Information Technology Security (BSI) has introduced new measures to improve the security of the popular LibreOffice office suite. In light of the growing cyber attacks on office software, BSI has initiated a project aimed at protecting users of this free software.
Office applications such as text editors, spreadsheets, and presentation programs are widely used both in the corporate environment and among private users. Because of their prevalence and vulnerabilities, they are often targeted by attackers. For example, hackers can use outdated instances of office applications to exploit security flaws, run malicious macros embedded in documents, and so on.
Since Germany has been trying to completely switch to free and open source software in recent years, most government agencies in the country use the LibreOffice office suite.
The project, which was launched in September 2023, has made significant security improvements to LibreOffice. One of the key innovations was the forced configuration of automatic updates, which ensures prompt installation of all important security patches.
To further improve security, LibreOffice has disabled all insecure network protocols such as HTTP, SMTP, and FTP, as well as functions with active elements, including DDE commands, macros, LibreLogo scripts, and OLE objects. In addition, access to expert settings has been restricted, which will avoid accidental (or possibly intentional) changes to critical parameters.
The project also includes the introduction of modern document encryption algorithms, which significantly improves the security of information storage and exchange. In addition, during the work, the possibility of using large language models (LLMs) for code analysis was tested, which can become an additional tool for ensuring security in the future.
In the era of digitalization, the protection of information systems is becoming not just a technical task, but an essential element of national security. Initiatives to strengthen cybersecurity demonstrate that States are aware of their responsibility to create a secure digital environment for citizens and organizations.
Source
