This talk provides an update on recent & upcoming improvements in LibreOffice, for an even safer operation.
As an office suite with a lot of functionality, as well as lots of ways to throw 'active content' aka macros at it, LibreOffice, just like its commercial brethren, provides a rather large attack surface.
To mitigate that, the German Federal Agency for Computer Security (BSI) has published a best practice handbook for secure deployments of LibreOffice, as well as funded a number of additional improvements. This talk will showcase the most important ones, as well as provide suggestions for further development and security-hardened deployments:
* fully automatic background updates under Windows
* bulk disabling of active content
* non-overridable admin configurations for all of LibreOffice
* better password security, including much-improved ODF document encryption
* disabling and removal of unsafe network protocols
Alongside of the above, the talk will suggest a number of additional best practices - for deploying LibreOffice configured as securely as possible.