IP: More on : HOLE IN THE WEB LEAVES SECURITY GAP (from Edupage)

[Dave Farber <farber () cis upenn edu>]

From: "David Byrden" <David () Byrden com>
To: <farber () cis upenn edu>




> Israeli computer security firm Finjan Inc. is 
> publicizing a potentially serious security "hole"


        Finjan's "security hole" report, as reported
to the list, is misleading. The following are the 
facts:


[1] Excel is not "frequently used" to divide web 
pages into frames. HTML can do that just fine.
Excel is used only when the web designer is happy 
to limit his audience to those who have Microsoft 
Excel installed; a reasonable restriction within 
a company network but not on the public Internet.


[2] The hole is not "the biggest in internet history" 
because it is not PART of internet history. The 
security hole is part of Windows history. No
internet protocols are at fault and no internet 
specs need fixing; the internet is only one 
of many possible ways for this malicious code 
to enter your system before it triggers the fault 
in Microsoft's software.


[3] Regarding Finjan's past performance, 
this item is of interest:

http://www.rstcorp.com/hostile-applets/trousers.html


                                                David Byrden