Re: Linux - Poster child for security glitches
From: Fredderic (fredderic@iprimus.com.au)
Date: 11/28/02
- Next message: Erik Ljungstroem: "Re: Scary report on OSS/Linux security"
- Previous message: David: "Re: who owns IP"
- In reply to: nospam: "Re: Linux - Poster child for security glitches"
- Next in thread: Sinister Midget: "Re: Linux - Poster child for security glitches"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Fredderic" <fredderic@iprimus.com.au> Date: Fri, 29 Nov 2002 02:42:44 +1000
> Outlook will by default not script controls that have access to the
> filesystem.
"access to the filesystem". Any other triggers for not scripting?
As someone who knew his way around all the common viruses in his youth, I
knew quite well that the old saying "there's more than one way to skin a
cat" is the holy grail of computer viruses. In fact, it's probably the
defining paradigm of the beast.
I refer also to a case of the good old Thunderbyte anti-virus software
(which I used religeously, even after said flaw was found), which had a
trippy means of running executable code in a protected environment to
identify and remove an unknown virus from an infected executable. Worked
like a charm, until someone wrote a virus that could actually infect the
machine through said protected environment. And that was an environment
that was specifically designed do prevent just that.
You allow an untrusted script in a reasonably powerful language anywhere
near an interpreter, and you're asking for trouble. Simple.
- Next message: Erik Ljungstroem: "Re: Scary report on OSS/Linux security"
- Previous message: David: "Re: who owns IP"
- In reply to: nospam: "Re: Linux - Poster child for security glitches"
- Next in thread: Sinister Midget: "Re: Linux - Poster child for security glitches"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
