[3111] in WWW Security List Archive
Re: New and destructive word macro virus
daemon@ATHENA.MIT.EDU (mol@ecmwf.int)
Fri Sep 27 23:24:05 1996
From: mol@ecmwf.int
To: www-security@ns2.rutgers.edu
Date: Sat, 28 Sep 1996 02:40:29 +0100 (BST)
In-Reply-To: <9609271355.AA21895@phinger.srv.PacBell.COM> from "Jerry Hinek" at Sep 27, 96 07:03:13 am
Errors-To: owner-www-security@ns2.rutgers.edu
In a previous mail , Jerry Hinek wrote :
>
> >I don't think macro
> >virus postings are inappropriate here, since Word docs are frequently
> >obtainable through websites.
> >
> >Bill
>
> I just have to agree with Bill. One of the most pervasive threats over the
> web comes from new and very destructive cross-platform macro viruses. This
> list is not titled web-server-security. It's also not titled
> UNIX-server-security.
Certainly, but the title of the list is not the whole story.
Here is an excerpt from the "welcome" message WE all got when subscribing to
this list:
| The www-security list is intended for the discussion of World Wide
| Web security proposals, enhancements and issues. This is the working
| list of the proposed IETF HTTP Security working group.
Admittedly, the title is a bit misleading by being very general.
I think that any posting relating to the general issue of security
in http transactions is within the scope of this list. Alerts about
security bugs in http implementations would fall in the scope too.
Any posting related to applications or programs *directly* related to www
could be considered a relevant topic, by twisting the list definition just
a little bit (examples: CGI, browsers etc security issues).
But I still believe that any posting relating to a particular application
for which the www is used, is off-topic. There are humpteenth of recognised
mime-types, among which a fair deal can have security implications for such
or such architecture. If every single security problem of every mime-type,
even when that security problem has NOT been tested in the www environment,
is raised in this list, all our mailboxes will be clogged. Especially when
a lot of people with just basic experience and good intentions will start
sending alerts around for such or such PC virus, long known by other users.
In that respect, the reminder about the "good times" hoax is a good illustration
of how mailboxes could start being flooded with rubbish.
For me the general idea of a mailing list is to get as little mails
as possible, but very pointed one. The news are there for more general
discussions.
----
> *** deleted ***
----
> =======================================
> Jerry Hinek, Senior Security Specialist
> Pacific Bell
> 2600 Camino Ramon Room 3CN10
> San Ramon, CA 94583
> (510) 823-2246
> gjhinek@pacbell.com
> PB1(GJHINEK) from PROFS
>
--
Philippe Parmentier E-mail : P.Parmentier@ecmwf.int
Snail : ECMWF, Shinfield Park, Reading, Berkshire RG2 9AX, U.K.
