Re: [d@DCC] Health privacy and license agreements
From: Michael Richardson <mcr _-at-_ sandelman.ottawa.on.ca>

>>>>> "Russell" == Russell McOrmond <russell@flora.ca> writes:
Russell> Having an email client auto-view an office attachment that can contain
Russell> scripting (macros) is an extremely serious design flaw. Having commonly
Russell> shared office attachments contain scripting is itself an extremely serious
Russell> design flaw.
Furthermore, the MIME RFC, 1521, in its "Security Considerations", written in
*1993* says:

   9. Security Considerations

   Security issues are discussed in Section 7.4.2 and in Appendix F.
   Implementors should pay special attention to the security
   implications of any mail content-types that can cause the remote
   execution of any actions in the recipient's environment. In such
   cases, the discussion of the application/postscript content-type in
   Section 7.4.2 may serve as a model for considering other
   content-types with remote execution capabilities.

AGAIN, *1993* is the PUBLISH date. MIME started in 1989.
They spend MULTIPLE pages to deal with this.
There is NO EXCUSE. They were WARNED.
The IETF had HUGE debates about whether we should standardize such a
dangerous thing, and we did it because we wrote EXTENSIVELY about the risks.
MS made a CONSCIOUS CHOICE here. THEY ARE CRIMINALLY NEGLIGENT.
Russell> We need to hold vendors to the fire for these types of design problems,
Russell> even if newer operating systems from the same vendor have problems fixed.
WinXP ships with every user as admin by default.
] At IETF55 in Atlanta, GA | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] printk("Just another Debian GNU/Linux using, kernel hacking, security guy");[
--
For (un)subscription information, posting guidelines and
links to other related sites please see http://www.digital-copyright.ca
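
Added example (not part of the original message, and not code from any mail client): a sketch of the attachment handling that the RFC 1521 passage quoted in the message asks of implementors, using Python's standard email package. The type and extension lists, the action names and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string, policy

# Assumed lists for this example; a real deployment would maintain its own.
ACTIVE_TYPES = {"application/postscript", "application/msword",
                "application/vnd.ms-excel", "application/vnd.ms-powerpoint"}
ACTIVE_EXTS = (".ps", ".doc", ".xls", ".ppt")
RENDER_TYPES = {"text/plain"}  # the only type shown without asking

def classify(raw_message):
    """Return (content_type, filename, action) for each leaf MIME part."""
    msg = message_from_string(raw_message, policy=policy.default)
    decisions = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        ctype = part.get_content_type()
        name = (part.get_filename() or "").lower()
        # The declared type can lie, so the file name is checked as well.
        if ctype in ACTIVE_TYPES or name.endswith(ACTIVE_EXTS):
            action = "hold"    # never auto-view; needs an explicit user decision
        elif ctype in RENDER_TYPES and part.get_content_disposition() != "attachment":
            action = "render"
        else:
            action = "ask"     # unknown type: do not guess a viewer
        decisions.append((ctype, name, action))
    return decisions

# Constructed sample message (not taken from the thread).
SAMPLE = """\
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: text/plain

hello
--XX
Content-Type: application/msword
Content-Disposition: attachment; filename="report.doc"

(placeholder)
--XX
Content-Type: text/plain; name="notes.XLS"

(placeholder)
--XX
Content-Type: image/png
Content-Disposition: inline; filename="logo.png"

(placeholder)
--XX--
"""
```

The third part shows why the declared type alone is not enough: it claims text/plain but carries a spreadsheet file name, so it is held rather than rendered.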