[39904] in Cypherpunks
Re: Another Netscape Bug (and possible security hole)
daemon@ATHENA.MIT.EDU (Adam Shostack)
Fri Sep 22 16:30:22 1995
From: Adam Shostack <adam@homeport.org>
To: dmandl@panix.com
Date: Fri, 22 Sep 1995 16:19:46 -0400 (EDT)
Cc: cypherpunks@toad.com (Cypherpunks Mailing List)
In-Reply-To: <Pine.SUN.3.91.950922154119.7388A-100000@panix.com> from "dmandl@panix.com" at Sep 22, 95 03:47:03 pm
dmandl@panix.com wrote:
| On Fri, 22 Sep 1995, Adam Shostack wrote:
| > I keep hearing this thought. Isn't Win95 with its
| > 'executables in email' much more dangerous than Java, which at least
| > tries to address security?
|
| Is that the new MS-Word you're thinking of? I hear that it lets you
| imbed macros containing executable code in documents. That's got to
| be one of the most dangerous ideas ever cooked up.
No, this is a seperate problem. Its not auto-executing code
in Microsoft documents that worries me, so much as the ability to
include executables as clickable images in a mail message, with the
user having no control over what environment the program executes in.
If strong fences make good neighbors, where are the fences in
my network neighborhood?
Adam
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
