1995-09-25 - Re: Another Netscape Bug (and possible security hole)

Header Data

From: Jon Lasser <jlasser@rwd.goucher.edu>
To: dmandl@panix.com
Message Hash: aa3a871e9e4140dff6db4d074d57a8a82fdda4a6bbb336a4ad8112e3efac78c0
Message ID: <Pine.SUN.3.91.950925144312.26957E-100000@rwd.goucher.edu>
Reply To: <Pine.SUN.3.91.950922154119.7388A-100000@panix.com>
UTC Datetime: 1995-09-25 19:02:32 UTC
Raw Date: Mon, 25 Sep 95 12:02:32 PDT

Raw message

From: Jon Lasser <jlasser@rwd.goucher.edu>
Date: Mon, 25 Sep 95 12:02:32 PDT
To: dmandl@panix.com
Subject: Re: Another Netscape Bug (and possible security hole)
In-Reply-To: <Pine.SUN.3.91.950922154119.7388A-100000@panix.com>
Message-ID: <Pine.SUN.3.91.950925144312.26957E-100000@rwd.goucher.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 22 Sep 1995 dmandl@panix.com wrote:

> On Fri, 22 Sep 1995, Adam Shostack wrote:
> 
> > Perry E. Metzger wrote:
> > 
> > | I don't believe the Sun Java stuff would suffer from it, although I
> > | fear Java a great deal.
> > 
> > 	I keep hearing this thought.  Isn't Win95 with its
> > 'executables in email' much more dangerous than Java, which at least
> > tries to address security?
> 
> Is that the new MS-Word you're thinking of?  I hear that it lets you
> imbed macros containing executable code in documents.  That's got to
> be one of the most dangerous ideas ever cooked up.

Agreed; but it's present, not just in Word (every version since 2.0, as 
far as I can tell, in fact, since they all let you make system calls...), 
but in Microsoft Network, Microsoft Access, Microsoft Excel... I believe 
PowerPoint and Publisher are exempt from this bug, if only because the 
current versions have no macro languages...

One of the penalties that modern software (at least for Windows) imposes 
is the ability to create massive viri, simply by allowing system calls to 
be executed from macros (if this was not the case, OLE technology 
wouldn't work, and interoperation between Windows programs can't occur, 
thereby crippling the system through bad design regardless of which 
alternative was chosen)

Jon
------------------------------------------------------------------------------
Jon Lasser                <jlasser@rwd.goucher.edu>            (410)494-3072 
          Visit my home page at http://www.goucher.edu/~jlasser/
  You have a friend at the NSA: Big Brother is watching. Finger for PGP key.





