From: Jon Lasser <jlasser@rwd.goucher.edu>
To: dmandl@panix.com
Message Hash: aa3a871e9e4140dff6db4d074d57a8a82fdda4a6bbb336a4ad8112e3efac78c0
Message ID: <Pine.SUN.3.91.950925144312.26957E-100000@rwd.goucher.edu>
Reply To: <Pine.SUN.3.91.950922154119.7388A-100000@panix.com>
UTC Datetime: 1995-09-25 19:02:32 UTC
Raw Date: Mon, 25 Sep 95 12:02:32 PDT
From: Jon Lasser <jlasser@rwd.goucher.edu>
Date: Mon, 25 Sep 95 12:02:32 PDT
To: dmandl@panix.com
Subject: Re: Another Netscape Bug (and possible security hole)
In-Reply-To: <Pine.SUN.3.91.950922154119.7388A-100000@panix.com>
Message-ID: <Pine.SUN.3.91.950925144312.26957E-100000@rwd.goucher.edu>
MIME-Version: 1.0
Content-Type: text/plain
On Fri, 22 Sep 1995 dmandl@panix.com wrote:
> On Fri, 22 Sep 1995, Adam Shostack wrote:
>
> > Perry E. Metzger wrote:
> >
> > | I don't believe the Sun Java stuff would suffer from it, although I
> > | fear Java a great deal.
> >
> > I keep hearing this thought. Isn't Win95 with its
> > 'executables in email' much more dangerous than Java, which at least
> > tries to address security?
>
> Is that the new MS-Word you're thinking of? I hear that it lets you
> imbed macros containing executable code in documents. That's got to
> be one of the most dangerous ideas ever cooked up.
Agreed; but it's present, not just in Word (every version since 2.0, as
far as I can tell, in fact, since they all let you make system calls...),
but in Microsoft Network, Microsoft Access, Microsoft Excel... I believe
PowerPoint and Publisher are exempt from this bug, if only because the
current versions have no macro languages...
One of the penalties that modern software (at least for Windows) imposes
is the ability to create massive viri, simply by allowing system calls to
be executed from macros (if this was not the case, OLE technology
wouldn't work, and interoperation between Windows programs can't occur,
thereby crippling the system through bad design regardless of which
alternative was chosen)
Jon
------------------------------------------------------------------------------
Jon Lasser <jlasser@rwd.goucher.edu> (410)494-3072
Visit my home page at http://www.goucher.edu/~jlasser/
You have a friend at the NSA: Big Brother is watching. Finger for PGP key.
Return to September 1995
Return to “Yih-Chun Hu <yihchun@u.washington.edu>”