Educause Security Discussion mailing list archives
Re: Spaf did not receive your email (was Re: [SECURITY ] Job Descriptions)
From: "Howell, Paul" <grue () UMICH EDU>
Date: Thu, 27 Feb 2003 05:51:09 -0500
There is a thoughtful list of issues at http://www.goldmark.org/netrants/no-word/attach.html on this topic. Folks that have been doing security for a while have long known that macro viruses in products such as Word and Excel represents a threat. Melissa was one such virus. As a result, there is a history of recommending that more execution neutral formats such as PDF and plain text be used instead. Time has changed things though. Today, many people (including security experts) commonly email word, ppt, and html, all capable of executable content. Likewise, malicious javascript and java are threats to web surfing. Yet many web sites operated by security firms try to use these languages. Some won't work correctly unless one or both are enabled. The X-Force database is an example of this. In short, the different sides of this issue seems like an example of old-school vs. new-school risk calculations. < paul ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/memdir/cg/.
Current thread:
- Re: Spaf did not receive your email (was Re: [SECURITY ] Job Descriptions) Howell, Paul (Feb 27)
- <Possible follow-ups>
- Re: Spaf did not receive your email (was Re: [SECURITY ] Job Descriptions) Piazza, John (Feb 27)