Secure Coding mailing list archives
Bugs and flaws
From: bellovin at acm.org (Steven M. Bellovin)
Date: Wed, 01 Feb 2006 11:53:48 -0500
In message <43E0650D.7000205 at novell.com>, Crispin Cowan writes:
> Unfortunately, this safety feature is nearly useless, because if you take an infected whatever.doc file, and just *rename* it to whatever.rtf and send it, then MS Word will cheerfully open the file for you when you double click on the attachment, ignore the mismatch between the file extension and the actual file type, and run the fscking VB embedded within.
That actually illustrates a different principle: don't have two different ways of checking for the same thing.

--Steve Bellovin, http://www.stevebellovin.com
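
The mismatch discussed in this message, as an added example that is not part of the original post or of any product mentioned in it: a name-based check passes the renamed file, while a check that classifies by content, the same evidence the opening application uses, rejects it. The function names, the policy table and the sample byte strings are assumptions made for illustration.

```python
import os

# Leading bytes of the two formats named in the thread.
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc compound file
RTF_MAGIC = b"{\\rtf"

# Assumed policy: which extensions are acceptable for each sniffed type,
# and which types can carry embedded macros.
EXTENSIONS = {"ole2-doc": {".doc"}, "rtf": {".rtf"}}
MACRO_CAPABLE = {"ole2-doc"}


def sniff_type(data):
    """Single source of truth for 'what is this file': its content."""
    if data.startswith(OLE2_MAGIC):
        return "ole2-doc"
    if data.startswith(RTF_MAGIC):
        return "rtf"
    return "unknown"


def extension_only_filter(filename):
    """Weak check: trusts the name, so anything not called .doc passes."""
    return os.path.splitext(filename)[1].lower() != ".doc"


def classify_attachment(filename, data):
    """Return (verdict, reason) based on content, flagging name mismatches."""
    ext = os.path.splitext(filename)[1].lower()
    kind = sniff_type(data)
    if kind == "unknown":
        return "block", "unrecognised content"
    if ext not in EXTENSIONS[kind]:
        return "block", f"extension {ext} does not match content type {kind}"
    if kind in MACRO_CAPABLE:
        return "block", f"{kind} may contain macros"
    return "allow", f"{kind} with matching extension"


# Constructed sample inputs: file headers only, not real documents.
RENAMED_DOC = OLE2_MAGIC + b"\x00" * 24
REAL_RTF = b"{\\rtf1\\ansi Hello}"

if __name__ == "__main__":
    print(extension_only_filter("whatever.rtf"))             # name check passes
    print(classify_attachment("whatever.rtf", RENAMED_DOC))  # content check blocks
    print(classify_attachment("whatever.rtf", REAL_RTF))
```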