, 2004-02-20
If hundreds of thousands of people are still blindly clicking on attachments in their email, is there any hope of mitigating the threat of hundreds of thousands of compromised systems with open backdoors?
Expand all |
Post comment
Reasonably sane programming handles that.
HTML interpreters are truly horrible things to debug. Avoiding HTML flat out avoids:
a. javascript interpreters
b. image loaders
c. additional network connections
d. other interpreters (PDF, Postscript, ... though these might remain vulnerability points if MIME interpreters are allowed)
e. Active X
f. general browser vulnerabilities.
These have ALL been known failure points ever since about 1990, and the web started to exist. MIME vulnerability points have been known ever since the standard was created. Even then, the warning was "don't use an interpreter that you don't trust".
Guess what. I don't trust any of them.
I would much prever a plain jane text viewer -- such as Pine
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/columns/221/25198#25198