Question regarding an article from Microsoft Hellas's CEO

Frank Heckenbach frank at g-n-u.de
Mon Feb 16 20:46:23 UTC 2004


Recently I wrote:

> Another basic problem [of Microsoft software] is the tendency to
> blur the distinction between executable code and data.

Not to belabour the issue, but I was pleased to see that in the
current issue of "CRYPTO-GRAM" Bruce Schneier, one of the world's
leading security experts, makes the same point:

: Security vulnerabilities aren't like the weather; they don't just
: happen.  They are the result of mistakes: mistakes in the code,
: mistakes in design, or mistakes in specification.  MyDoom spread across
: the Internet because of an enormous vulnerability in e-mail software:
: users are allowed to execute arbitrary e-mail attachments.
:
: This is a bug.  I know it's generally called a feature, but it's
: not.  It's a design flaw.  It's a huge security vulnerability.  And I
: think it's high time we started calling it that.

<http://www.schneier.com/crypto-gram-0402.html#8>

Frank

-- 
Frank Heckenbach, frank at g-n-u.de
http://fjf.gnu.de/
GnuPG and PGP keys: http://fjf.gnu.de/plan (7977168E)


