comp.lang.ada
 help / color / mirror / Atom feed
* WARNING! Attached Files
@ 1997-08-13  0:00 Sam Harbaugh, Palm Bay, Florida
  1997-08-14  0:00 ` Larry Kilgallen
  0 siblings, 1 reply; 2+ messages in thread
From: Sam Harbaugh, Palm Bay, Florida @ 1997-08-13  0:00 UTC (permalink / raw)



There is an attached file to two issues of info-ada.  The files are named
ADA.txt and ADA1.txt.  They were attached to info-ada digest 11-12 August
and 13 August respectively. I see a reference to an attached file in one of
the postings.

My policy is to never open an unsolicited attached file.  Maybe someone
with more knowledge of defuzing such things will tell us what is going on.




^ permalink raw reply	[flat|nested] 2+ messages in thread
* Re: WARNING! Attached Files
  1997-08-13  0:00 WARNING! Attached Files Sam Harbaugh, Palm Bay, Florida
@ 1997-08-14  0:00 ` Larry Kilgallen
  0 siblings, 0 replies; 2+ messages in thread
From: Larry Kilgallen @ 1997-08-14  0:00 UTC (permalink / raw)



In article <3.0.32.19970813213157.009e7750@iu.net>, "Sam Harbaugh, Palm Bay, Florida" <harbaugh@IU.NET> writes:
> There is an attached file to two issues of info-ada.  The files are named
> ADA.txt and ADA1.txt.  They were attached to info-ada digest 11-12 August
> and 13 August respectively. I see a reference to an attached file in one of
> the postings.

I don't know what "info-ada" is, but...

> My policy is to never open an unsolicited attached file.  Maybe someone
> with more knowledge of defuzing such things will tell us what is going on.

Twenty years ago IBM added a "feature" to CMS which allowed code from
a sender to automatically execute in the context of a recipient when
a mail messages was opened.  They quickly realized the error of their
ways and retracted that capability.  The flaw in the concept became
a standard subject of discussion in security classes over the years,
and a prime example of what not to put in a product.

Five years ago, Microsoft added the same mis-feature to Microsoft Word
(and possibly Excel).  Unless you are using one of those programs, or
have some other meaning for "open", I know of no other current programs
which have such a security flaw.

Obviously you should never _run_ a program provided by someone else
unless either:

	1) You have fully inspected the source for possible
	   security attacks and have recompiled from that source.

	2) You have a great deal of faith in both the competence
	   and good intentions of the author of the software and
	   have solid assurance that the software travelled from
	   the author to you unmolested (note that typical CRCs
	   are inadequate for this purpose, but digital signatures,
	   colorful CD-ROMs and shrink-wrapped packages are widely
	   trusted).

End of Security rant, now back to you regularly scheduled discussion
of why Eiffel is the greatest OO language ever and deserves to take
over the world, starting with the newsgroup formerly devoted to Ada.

Larry Kilgallen




^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~1997-08-14  0:00 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
1997-08-13  0:00 WARNING! Attached Files Sam Harbaugh, Palm Bay, Florida
1997-08-14  0:00 ` Larry Kilgallen

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox