Security News > 2022 > July > S3 Ep91: CodeRed, OpenSSL, Java bugs, Office macros [Audio + Text]
![S3 Ep91: CodeRed, OpenSSL, Java bugs, Office macros [Audio + Text]](/static/build/img/news/s3-ep91-codered-openssl-java-bugs-office-macros-audio-text-medium.jpg)
DOUG. A brief history of Office macros, a Log4Shell style bug, two OpenSSL crypto bugs, and more.
DUCK. If you have a Windows network where you can use Group Policy, for example, then as an administrator you can turn this function on to say, "As a company, we just don't want macros off the internet. We're not going to even offer you a button that you can say, Why not? Why not let the macros run?".
Paying the crooks for getting you out of the hole that the crooks dug you into it's not a security precaution!
Although it's not blanket unlawful to pay ransoms in general in the UK, there may be cases where you are not supposed to pay or not *allowed* to pay for other reasons because of where the money is going.
Very few of the people who did pay up actually got everything back.
If there are people who go, "You can't do that" the sort of people who say, "I'm not going to put lights on my bicycle. That's my business, not yours. If you run me over and squash me flat, that's my problem," they're forgetting about the fact that there are all these knock-on effects to the rest of the community when they do things that are insecure.