Question regarding an article from Microsoft Hellas's CEO
Frank Heckenbach
frank at g-n-u.de
Mon Feb 16 20:46:23 UTC 2004
Recently I wrote:
> Another basic problem [of Microsoft software] is the tendency to
> blur the distinction between executable code and data.
Not to belabour the issue, but I was pleased to see that in the
current issue of "CRYPTO-GRAM" Bruce Schneier, one of the world's
leading security experts, makes the same point:
: Security vulnerabilities aren't like the weather; they don't just
: happen. They are the result of mistakes: mistakes in the code,
: mistakes in design, or mistakes in specification. MyDoom spread across
: the Internet because of an enormous vulnerability in e-mail software:
: users are allowed to execute arbitrary e-mail attachments.
:
: This is a bug. I know it's generally called a feature, but it's
: not. It's a design flaw. It's a huge security vulnerability. And I
: think it's high time we started calling it that.
<http://www.schneier.com/crypto-gram-0402.html#8>
Frank
--
Frank Heckenbach, frank at g-n-u.de
http://fjf.gnu.de/
GnuPG and PGP keys: http://fjf.gnu.de/plan (7977168E)