Re: Malware Triangle
From: kurt wismer (kurtw_at_sympatico.ca)
Date: 12/01/04
- Next message: donnie: "Re: wireless broadband security"
- Previous message: Darren Tucker: "Re: FTP and SSH access question"
- Next in thread: Richard S. Westmoreland: "Re: Malware Triangle"
- Reply: Richard S. Westmoreland: "Re: Malware Triangle"
- Reply: Ant: "Re: Malware Triangle"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 30 Nov 2004 18:23:43 -0500
Ant wrote:
> "kurt wismer" wrote:
>>Ant wrote:
>>
>>>The <script> tag says "here's a script, you can run it if you like".
>>
>>that's an embellishment... it says "here's a script", i'll give you
>>that, but that's about it...
>
>
> And those embelishments contribute to the whole, and are the problem
> with respect to malware issues.
i actually meant that it was an embellishment on your part, not the
designers part, nor html's part...
>>markup languages don't tell their associated readers what to do, they
>>label various sections of data in a document as being of type X and/or
>>having property Y... the associated reader decides what to do with the
>>data in part based on the semantic meaning those labels (or tags)
>>add... tags don't instruct, they describe...
>
> The effect is the same, as far as a permissively configured browser is
> concerned, when it interprets html with embedded executable content.
browsers don't define html... the 'effect' may very well be the same
but the fact is that html does not have instructions, it has tags... if
tags were instructions they'd be called instructions...
>>>When you unpack a zip file you don't expect execution of content. When
>>>you render html containing embedded scripts, you may.
>>
>>only because the convention for 'rendering html' in practice includes
>>handing scripts and other embedded objects off to their associated
>>handlers/subsystems/etc in addition to straight html rendering...
>
> This is why I originally said it should be considered a programming
> language, although you and I know that in its pure form it is not.
> Html has evolved to allow all sorts of constructs and active content
> which we might think inappropriate for a text markup language, but
> was thought necessary to enhance hypertext for the web experience.
i reiterate - those are *not* part of html... what html has is the
ability to act as a container for non-html content, nothing more... it
is no different than an archive format in that respect...
> An html text file with the "embelishments" effectively becomes one
> script containing not only layout and display descriptions, but
> references to executable objects, and program source code which will
> be interpreted and run in a suitably configured browser. Perhaps I
> should not have called this conglomeration "html" in my original post
> to this thread.
that conglomeration is an html document, but it is not html...
here's an obvious distinction - it is possible to have a browser that
fully complies with the html standard and yet does not (even can not)
execute the additional content contained within html documents they
display (think lynx, or maybe arachne), just as there are email clients
that do not (even can not) execute the additional content contained
within the emails they display...
would you condone emails being called programs in spite of the fact
that the specifications for email do not include mention of
instructions to be carried out when encountered in the email body? why
should html documents be considered any different? they are containers
of arbitrary content and their respective readers may be (often are)
configured to execute some of that content automagically...
-- "maxwell can tell he's in hell just wants you to visit him there same old game that he's playin' his rules are never fair"
- Next message: donnie: "Re: wireless broadband security"
- Previous message: Darren Tucker: "Re: FTP and SSH access question"
- Next in thread: Richard S. Westmoreland: "Re: Malware Triangle"
- Reply: Richard S. Westmoreland: "Re: Malware Triangle"
- Reply: Ant: "Re: Malware Triangle"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
