[SC-L] Bugs and flaws
Steven M. Bellovin
bellovin at acm.org
Wed Feb 1 11:53:48 EST 2006
In message <43E0650D.7000205 at novell.com>, Crispin Cowan writes:
> Unfortunately, this safety feature is nearly useless, because if you
>take an infected whatever.doc file, and just *rename* it to whatever.rtf
>and send it, then MS Word will cheerfully open the file for you when you
>double click on the attachment, ignore the mismatch between the file
>extension and the actual file type, and run the fscking VB embedded within.
>
That actually illustrates a different principle: don't have two
different ways of checking for the same thing.
--Steve Bellovin, http://www.stevebellovin.com
More information about the SC-L
mailing list