* WARNING! Attached Files
@ 1997-08-13 0:00 Sam Harbaugh, Palm Bay, Florida
1997-08-14 0:00 ` Larry Kilgallen
0 siblings, 1 reply; 2+ messages in thread
From: Sam Harbaugh, Palm Bay, Florida @ 1997-08-13 0:00 UTC (permalink / raw)
There is an attached file to two issues of info-ada. The files are named
ADA.txt and ADA1.txt. They were attached to info-ada digest 11-12 August
and 13 August respectively. I see a reference to an attached file in one of
the postings.
My policy is to never open an unsolicited attached file. Maybe someone
with more knowledge of defuzing such things will tell us what is going on.
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: WARNING! Attached Files
1997-08-13 0:00 WARNING! Attached Files Sam Harbaugh, Palm Bay, Florida
@ 1997-08-14 0:00 ` Larry Kilgallen
0 siblings, 0 replies; 2+ messages in thread
From: Larry Kilgallen @ 1997-08-14 0:00 UTC (permalink / raw)
In article <3.0.32.19970813213157.009e7750@iu.net>, "Sam Harbaugh, Palm Bay, Florida" <harbaugh@IU.NET> writes:
> There is an attached file to two issues of info-ada. The files are named
> ADA.txt and ADA1.txt. They were attached to info-ada digest 11-12 August
> and 13 August respectively. I see a reference to an attached file in one of
> the postings.
I don't know what "info-ada" is, but...
> My policy is to never open an unsolicited attached file. Maybe someone
> with more knowledge of defuzing such things will tell us what is going on.
Twenty years ago IBM added a "feature" to CMS which allowed code from
a sender to automatically execute in the context of a recipient when
a mail messages was opened. They quickly realized the error of their
ways and retracted that capability. The flaw in the concept became
a standard subject of discussion in security classes over the years,
and a prime example of what not to put in a product.
Five years ago, Microsoft added the same mis-feature to Microsoft Word
(and possibly Excel). Unless you are using one of those programs, or
have some other meaning for "open", I know of no other current programs
which have such a security flaw.
Obviously you should never _run_ a program provided by someone else
unless either:
1) You have fully inspected the source for possible
security attacks and have recompiled from that source.
2) You have a great deal of faith in both the competence
and good intentions of the author of the software and
have solid assurance that the software travelled from
the author to you unmolested (note that typical CRCs
are inadequate for this purpose, but digital signatures,
colorful CD-ROMs and shrink-wrapped packages are widely
trusted).
End of Security rant, now back to you regularly scheduled discussion
of why Eiffel is the greatest OO language ever and deserves to take
over the world, starting with the newsgroup formerly devoted to Ada.
Larry Kilgallen
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~1997-08-14 0:00 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
1997-08-13 0:00 WARNING! Attached Files Sam Harbaugh, Palm Bay, Florida
1997-08-14 0:00 ` Larry Kilgallen
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox