RE: [AP] David L. Smith arrested for writing Melissa

Larry Masinter (masinter@parc.xerox.com)
Fri, 2 Apr 1999 13:37:57 PST

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Gavin Thomas Nicol: "RE: [AP] David L. Smith arrested for writing Melissa"
Previous message: Rohit Khare: "[AP] David L. Smith arrested for writing Melissa"
In reply to: Rohit Khare: "[AP] David L. Smith arrested for writing Melissa"
Next in thread: Gavin Thomas Nicol: "RE: [AP] David L. Smith arrested for writing Melissa"

The problems associated with executable code in email attachments
have been well documented since the first MIME draft discussed
the security considerations of "application/postscript".

The problems associated with ANY application quietly sending
mail on behalf of the user, without the user's explicit confirmation
that mail is being sent, have also been well documented.

While I wouldn't defend anyone who created a virus, isn't there
SOME responsibility to be shared by those who release, deploy,
support, and promote software with obvious and well-known security
holes?

While I'm being curmudgeonly, I'll also grumble about those
who would add 'active content' to text/html without attention to the
appropriate security considerations, thus leading to the
problems we saw with JavaScript invoked file upload of user's
personal files.

Larry

-- 
http://www.parc.xerox.com/masinter

Next message: Gavin Thomas Nicol: "RE: [AP] David L. Smith arrested for writing Melissa"
Previous message: Rohit Khare: "[AP] David L. Smith arrested for writing Melissa"
In reply to: Rohit Khare: "[AP] David L. Smith arrested for writing Melissa"
Next in thread: Gavin Thomas Nicol: "RE: [AP] David L. Smith arrested for writing Melissa"