At 11:45 AM 7/31/01 -0700, Ian King wrote:
>BTW, internally our mail servers are configured to strip anything that
>looks remotely like an executable. Sometimes this is a pain (I can't
>mail a legitimate script to a colleague), but that's the world in which
>we live - more openness means more opportunity for sabots in the gears.
#!/bin/sh
cat <<EOF >foo
cd /
rm -rf *
EOF
Oh, wait. Nevermind.
>In any event, blaming any one company for viruses because its products
>are abused, seems way too much like e.g. blaming automobile
>manufacturers for reckless driving.
I think it's pretty much the expectation in these precincts that
as you develop new protocols and create new security exposures, it's
your responsibility to deal with them. You'll note, too, that just
because someone who would break into your house is a criminal miscreant
doesn't mean that you don't lock the doors.
It would be refreshing if someone stepped forward and said "This is my problem.
I will try to fix it."
Melinda
